
Pests of all kinds and how to combat them: Caught GVU Trojan 2.07 on Windows 7 64-bit


16.01.2013, 00:14   #1
LTB666
 



Hello,
while surfing with Opera I caught the above-mentioned trojan (the version with the webcam image).
I can get the computer running by means of a trick (quickly open programs before the screen is 'hijacked', then use CTRL-ALT-DEL to go to shut down, and click Cancel at the 'Force shutdown' prompt).
I ran Defogger as described without any problems, and then OTL.

OTL.txt:OTL Logfile:
Code:
OTL logfile created on: 15.01.2013 23:04:41 - Run 1
OTL by OldTimer - Version 3.2.69.0     Folder = C:\Users\***\Desktop
64bit- Home Premium Edition Service Pack 1 (Version = 6.1.7601) - Type = NTWorkstation
Internet Explorer (Version = 9.0.8112.16421)
Locale: 00000407 | Country: Deutschland | Language: DEU | Date Format: dd.MM.yyyy
 
3,89 Gb Total Physical Memory | 1,94 Gb Available Physical Memory | 49,95% Memory free
7,78 Gb Paging File | 6,15 Gb Available in Paging File | 79,07% Paging File free
Paging file location(s): ?:\pagefile.sys [binary data]
 
%SystemDrive% = C: | %SystemRoot% = C:\Windows | %ProgramFiles% = C:\Program Files (x86)
Drive C: | 96,92 Gb Total Space | 48,51 Gb Free Space | 50,05% Space Free | Partition Type: NTFS
Drive D: | 123,45 Gb Total Space | 115,11 Gb Free Space | 93,24% Space Free | Partition Type: NTFS
 
Computer Name: ZENBOOK | User Name: *** | Logged in as Administrator.
Boot Mode: Normal | Scan Mode: Current user | Quick Scan | Include 64bit Scans
Company Name Whitelist: On | Skip Microsoft Files: On | No Company Name Whitelist: On | File Age = 30 Days
 
========== Processes (SafeList) ==========
 
PRC - [2013.01.15 22:53:01 | 000,602,112 | ---- | M] (OldTimer Tools) -- C:\Users\***\Desktop\OTL.exe
PRC - [2012.12.22 04:01:00 | 028,538,560 | ---- | M] (Dropbox, Inc.) -- C:\Users\***\AppData\Roaming\Dropbox\bin\Dropbox.exe
PRC - [2012.12.18 06:28:08 | 000,065,192 | ---- | M] (Adobe Systems Incorporated) -- C:\Program Files (x86)\Common Files\Adobe\ARM\1.0\armsvc.exe
PRC - [2012.12.11 03:52:44 | 003,147,384 | ---- | M] (AVG Technologies CZ, s.r.o.) -- C:\Program Files (x86)\AVG\AVG2013\avgui.exe
PRC - [2012.10.23 23:58:52 | 000,120,728 | ---- | M] () -- C:\Program Files (x86)\Motorola Mobility\Motorola Device Manager\MotoHelperService.exe
PRC - [2012.10.22 13:05:08 | 000,196,664 | ---- | M] (AVG Technologies CZ, s.r.o.) -- C:\Program Files (x86)\AVG\AVG2013\avgwdsvc.exe
PRC - [2012.10.22 13:04:06 | 000,329,848 | ---- | M] (AVG Technologies CZ, s.r.o.) -- C:\Program Files (x86)\AVG\AVG2013\avgcfgex.exe
PRC - [2012.04.13 18:14:00 | 000,277,120 | ---- | M] (ASUS) -- C:\Program Files (x86)\ASUS\InstantOn for NB\InsOnSrv.exe
PRC - [2012.04.10 06:57:26 | 000,193,536 | ---- | M] (Intel Corporation) -- C:\Windows\SysWOW64\irstrtsv.exe
PRC - [2012.03.27 16:02:04 | 001,104,208 | ---- | M] (Intel Corporation) -- C:\Program Files (x86)\Intel\Bluetooth\obexsrv.exe
PRC - [2012.03.27 16:02:02 | 001,304,912 | ---- | M] (Intel Corporation) -- C:\Program Files (x86)\Intel\Bluetooth\mediasrv.exe
PRC - [2012.03.27 16:01:56 | 001,014,096 | ---- | M] (Intel Corporation) -- C:\Program Files (x86)\Intel\Bluetooth\devmonsrv.exe
PRC - [2012.03.26 18:14:26 | 000,291,608 | ---- | M] (Intel Corporation) -- C:\Program Files (x86)\Intel\Intel(R) USB 3.0 eXtensible Host Controller Driver\Application\iusb3mon.exe
PRC - [2012.02.29 19:08:34 | 001,121,448 | ---- | M] (ASUSTek Computer Inc.) -- C:\Program Files (x86)\ASUS\USBChargerPlus\USBChargerPlus.exe
PRC - [2012.02.29 01:13:56 | 000,363,800 | ---- | M] (Intel Corporation) -- C:\Program Files (x86)\Intel\Intel(R) Management Engine Components\UNS\UNS.exe
PRC - [2012.02.29 01:13:54 | 000,277,784 | ---- | M] (Intel Corporation) -- C:\Program Files (x86)\Intel\Intel(R) Management Engine Components\LMS\LMS.exe
PRC - [2012.02.21 22:49:04 | 000,102,568 | ---- | M] (ASUS) -- C:\Program Files (x86)\ASUS\Splendid\ACMON.exe
PRC - [2012.02.21 22:49:00 | 000,162,456 | ---- | M] (ASUSTeK) -- C:\Windows\SysWOW64\ACEngSvr.exe
PRC - [2012.02.21 20:29:38 | 000,161,560 | ---- | M] (Intel Corporation) -- C:\Program Files (x86)\Intel\Intel(R) Management Engine Components\DAL\jhi_service.exe
PRC - [2012.02.21 20:29:28 | 000,128,280 | ---- | M] () -- C:\Program Files (x86)\Intel\Intel(R) Management Engine Components\FWService\IntelMeFWService.exe
PRC - [2012.02.20 04:31:06 | 000,019,968 | ---- | M] () -- C:\Windows\SysWOW64\DptfPolicyConfigTDPService.exe
PRC - [2012.02.20 04:31:06 | 000,018,944 | ---- | M] () -- C:\Windows\SysWOW64\DptfParticipantProcessorService.exe
PRC - [2012.02.17 00:01:36 | 000,473,728 | ---- | M] (ASUSTek Computer Inc.) -- C:\Program Files (x86)\ASUS\FaceLogon\sensorsrv.exe
PRC - [2012.02.03 00:33:32 | 002,321,072 | ---- | M] (ASUSTeK Computer Inc.) -- C:\Program Files (x86)\ASUS\Wireless Console 3\wcourier.exe
PRC - [2011.12.21 22:15:54 | 000,017,872 | ---- | M] (ASUSTeK Computer Inc.) -- C:\Program Files (x86)\ASUS\ASUS Virtual Touch\QuickGesture\x86\QuickGesture.exe
PRC - [2011.09.02 16:06:38 | 000,065,657 | ---- | M] (Motorola) -- C:\Program Files (x86)\Motorola\MotForwardDaemon\ForwardDaemon.exe
PRC - [2011.05.20 10:01:06 | 000,166,528 | ---- | M] (ASUS) -- C:\Program Files (x86)\ASUS\ATK Package\ATK Hotkey\HControl.exe
PRC - [2009.12.15 09:39:38 | 000,096,896 | ---- | M] (ASUS) -- C:\Program Files (x86)\ASUS\ATK Package\ATKGFNEX\GFNEXSrv.exe
PRC - [2009.06.19 09:29:26 | 002,488,888 | ---- | M] (ASUS) -- C:\Program Files (x86)\ASUS\ATK Package\ATK Hotkey\ATKOSD.exe
PRC - [2009.06.15 16:30:42 | 000,084,536 | ---- | M] (ASUS) -- C:\Program Files (x86)\ASUS\ATK Package\ATK Hotkey\ASLDRSrv.exe
 
 
========== Modules (No Company Name) ==========
 
MOD - [2012.02.21 22:49:00 | 000,009,216 | ---- | M] () -- C:\Program Files (x86)\ASUS\Splendid\GLCDdll.dll
MOD - [2012.01.31 17:25:12 | 001,163,264 | ---- | M] () -- C:\Program Files (x86)\ASUS\Wireless Console 3\acAuth.dll
 
 
========== Services (SafeList) ==========
 
SRV:64bit: - [2012.03.29 15:57:36 | 002,669,840 | ---- | M] (Intel® Corporation) [Auto | Running] -- C:\Program Files\Intel\WiFi\bin\ZeroConfigService.exe -- (ZeroConfigService)
SRV:64bit: - [2012.03.29 15:57:24 | 000,273,168 | ---- | M] () [On_Demand | Stopped] -- C:\Program Files\Intel\WiFi\bin\PanDhcpDns.exe -- (MyWiFiDHCPDNS)
SRV:64bit: - [2012.03.29 15:57:14 | 000,626,960 | ---- | M] (Intel(R) Corporation) [Auto | Running] -- C:\Program Files\Intel\WiFi\bin\EvtEng.exe -- (EvtEng)
SRV:64bit: - [2012.03.29 15:57:10 | 000,148,752 | ---- | M] (Intel(R) Corporation) [Auto | Running] -- C:\Program Files\Common Files\Intel\WirelessCommon\RegSrvc.exe -- (RegSrvc)
SRV:64bit: - [2012.02.03 06:29:52 | 000,628,448 | ---- | M] (Intel(R) Corporation) [Auto | Running] -- C:\Program Files\Intel\iCLS Client\HeciServer.exe -- (Intel(R)
SRV:64bit: - [2012.01.18 00:12:28 | 000,135,952 | ---- | M] (Intel(R) Corporation) [Auto | Running] -- C:\Program Files\Intel\BluetoothHS\BTHSSecurityMgr.exe -- (BTHSSecurityMgr)
SRV:64bit: - [2012.01.09 20:39:44 | 000,659,968 | ---- | M] (Intel Corporation) [Auto | Running] -- C:\Program Files\Intel\BluetoothHS\BTHSAmpPalService.exe -- (AMPPALR3)
SRV:64bit: - [2010.09.23 03:10:10 | 000,057,184 | ---- | M] (Microsoft Corporation) [Disabled | Stopped] -- C:\Program Files\Windows Live\Mesh\wlcrasvc.exe -- (wlcrasvc)
SRV:64bit: - [2009.07.14 02:41:27 | 001,011,712 | ---- | M] (Microsoft Corporation) [On_Demand | Stopped] -- C:\Program Files\Windows Defender\mpsvc.dll -- (WinDefend)
SRV - [2013.01.09 21:21:36 | 000,251,400 | ---- | M] (Adobe Systems Incorporated) [On_Demand | Stopped] -- C:\Windows\SysWOW64\Macromed\Flash\FlashPlayerUpdateService.exe -- (AdobeFlashPlayerUpdateSvc)
SRV - [2012.12.18 06:28:08 | 000,065,192 | ---- | M] (Adobe Systems Incorporated) [Auto | Running] -- C:\Program Files (x86)\Common Files\Adobe\ARM\1.0\armsvc.exe -- (AdobeARMservice)
SRV - [2012.11.15 23:34:30 | 005,814,904 | ---- | M] (AVG Technologies CZ, s.r.o.) [Auto | Stopped] -- C:\Program Files (x86)\AVG\AVG2013\avgidsagent.exe -- (AVGIDSAgent)
SRV - [2012.11.09 11:21:24 | 000,160,944 | R--- | M] (Skype Technologies) [Auto | Stopped] -- C:\Program Files (x86)\Skype\Updater\Updater.exe -- (SkypeUpdate)
SRV - [2012.10.23 23:58:52 | 000,120,728 | ---- | M] () [Auto | Running] -- C:\Program Files (x86)\Motorola Mobility\Motorola Device Manager\MotoHelperService.exe -- (Motorola Device Manager)
SRV - [2012.10.22 13:05:08 | 000,196,664 | ---- | M] (AVG Technologies CZ, s.r.o.) [Auto | Running] -- C:\Program Files (x86)\AVG\AVG2013\avgwdsvc.exe -- (avgwd)
SRV - [2012.04.13 18:14:00 | 000,277,120 | ---- | M] (ASUS) [Auto | Running] -- C:\Program Files (x86)\ASUS\InstantOn for NB\InsOnSrv.exe -- (ASUS InstantOn)
SRV - [2012.04.10 06:57:26 | 000,193,536 | ---- | M] (Intel Corporation) [Auto | Running] -- C:\Windows\SysWOW64\irstrtsv.exe -- (irstrtsv)
SRV - [2012.04.02 09:28:24 | 000,276,248 | ---- | M] (Intel Corporation) [On_Demand | Stopped] -- C:\Windows\SysWOW64\IntelCpHeciSvc.exe -- (cphs)
SRV - [2012.03.27 16:02:04 | 001,104,208 | ---- | M] (Intel Corporation) [Auto | Running] -- C:\Program Files (x86)\Intel\Bluetooth\obexsrv.exe -- (Bluetooth OBEX Service)
SRV - [2012.03.27 16:02:02 | 001,304,912 | ---- | M] (Intel Corporation) [On_Demand | Running] -- C:\Program Files (x86)\Intel\Bluetooth\mediasrv.exe -- (Bluetooth Media Service)
SRV - [2012.03.27 16:01:56 | 001,014,096 | ---- | M] (Intel Corporation) [Auto | Running] -- C:\Program Files (x86)\Intel\Bluetooth\devmonsrv.exe -- (Bluetooth Device Monitor)
SRV - [2012.02.29 01:13:56 | 000,363,800 | ---- | M] (Intel Corporation) [Auto | Running] -- C:\Program Files (x86)\Intel\Intel(R) Management Engine Components\UNS\UNS.exe -- (UNS)
SRV - [2012.02.29 01:13:54 | 000,277,784 | ---- | M] (Intel Corporation) [Auto | Running] -- C:\Program Files (x86)\Intel\Intel(R) Management Engine Components\LMS\LMS.exe -- (LMS)
SRV - [2012.02.21 20:29:38 | 000,161,560 | ---- | M] (Intel Corporation) [Auto | Running] -- C:\Program Files (x86)\Intel\Intel(R) Management Engine Components\DAL\jhi_service.exe -- (jhi_service)
SRV - [2012.02.21 20:29:28 | 000,128,280 | ---- | M] () [Auto | Running] -- C:\Program Files (x86)\Intel\Intel(R) Management Engine Components\FWService\IntelMeFWService.exe -- (Intel(R)
SRV - [2012.02.20 04:31:06 | 000,019,968 | ---- | M] () [Auto | Running] -- C:\Windows\SysWOW64\DptfPolicyConfigTDPService.exe -- (DptfPolicyConfigTDPService)
SRV - [2012.02.20 04:31:06 | 000,018,944 | ---- | M] () [Auto | Running] -- C:\Windows\SysWOW64\DptfParticipantProcessorService.exe -- (DptfParticipantProcessorService)
SRV - [2011.09.02 16:06:38 | 000,065,657 | ---- | M] (Motorola) [Auto | Running] -- C:\Program Files (x86)\Motorola\MotForwardDaemon\ForwardDaemon.exe -- (PST Service)
SRV - [2010.03.18 22:16:28 | 000,130,384 | ---- | M] (Microsoft Corporation) [Auto | Stopped] -- C:\Windows\Microsoft.NET\Framework\v4.0.30319\mscorsvw.exe -- (clr_optimization_v4.0.30319_32)
SRV - [2009.12.15 09:39:38 | 000,096,896 | ---- | M] (ASUS) [Auto | Running] -- C:\Program Files (x86)\ASUS\ATK Package\ATKGFNEX\GFNEXSrv.exe -- (ATKGFNEXSrv)
SRV - [2009.06.15 16:30:42 | 000,084,536 | ---- | M] (ASUS) [Auto | Running] -- C:\Program Files (x86)\ASUS\ATK Package\ATK Hotkey\ASLDRSrv.exe -- (ASLDRService)
SRV - [2009.06.10 22:23:09 | 000,066,384 | ---- | M] (Microsoft Corporation) [Disabled | Stopped] -- C:\Windows\Microsoft.NET\Framework\v2.0.50727\mscorsvw.exe -- (clr_optimization_v2.0.50727_32)
 
 
========== Driver Services (SafeList) ==========
 
DRV:64bit: - [2012.11.15 23:33:24 | 000,111,968 | ---- | M] (AVG Technologies CZ, s.r.o.) [File_System | Boot | Running] -- C:\Windows\SysNative\drivers\avgmfx64.sys -- (Avgmfx64)
DRV:64bit: - [2012.10.22 13:02:44 | 000,154,464 | ---- | M] (AVG Technologies CZ, s.r.o. ) [Kernel | System | Running] -- C:\Windows\SysNative\drivers\avgidsdrivera.sys -- (AVGIDSDriver)
DRV:64bit: - [2012.10.15 03:48:50 | 000,063,328 | ---- | M] (AVG Technologies CZ, s.r.o. ) [Kernel | Boot | Running] -- C:\Windows\SysNative\drivers\avgidsha.sys -- (AVGIDSHA)
DRV:64bit: - [2012.10.02 03:30:38 | 000,185,696 | ---- | M] (AVG Technologies CZ, s.r.o.) [Kernel | System | Running] -- C:\Windows\SysNative\drivers\avgldx64.sys -- (Avgldx64)
DRV:64bit: - [2012.09.21 03:46:04 | 000,200,032 | ---- | M] (AVG Technologies CZ, s.r.o.) [Kernel | System | Running] -- C:\Windows\SysNative\drivers\avgtdia.sys -- (Avgtdia)
DRV:64bit: - [2012.09.21 03:46:00 | 000,225,120 | ---- | M] (AVG Technologies CZ, s.r.o.) [Kernel | Boot | Running] -- C:\Windows\SysNative\drivers\avgloga.sys -- (Avgloga)
DRV:64bit: - [2012.09.14 03:05:18 | 000,040,800 | ---- | M] (AVG Technologies CZ, s.r.o.) [File_System | Boot | Running] -- C:\Windows\SysNative\drivers\avgrkx64.sys -- (Avgrkx64)
DRV:64bit: - [2012.06.11 11:56:34 | 000,022,016 | ---- | M] (Motorola Mobility Inc) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\motccgp.sys -- (motccgp)
DRV:64bit: - [2012.06.08 16:09:12 | 000,027,136 | ---- | M] (Motorola Mobility Inc) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\Motousbnet.sys -- (Motousbnet)
DRV:64bit: - [2012.06.08 16:08:54 | 000,008,832 | ---- | M] (Motorola) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\motswch.sys -- (MotoSwitchService)
DRV:64bit: - [2012.06.08 16:08:28 | 000,031,232 | ---- | M] (Motorola Mobility Inc) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\motmodem.sys -- (motmodem)
DRV:64bit: - [2012.04.10 06:57:16 | 000,026,504 | ---- | M] (Intel Corporation) [Kernel | On_Demand | Running] -- C:\Windows\SysNative\drivers\irstrtdv.sys -- (irstrtdv)
DRV:64bit: - [2012.04.05 07:52:08 | 000,110,592 | ---- | M] (ASIX Electronics Corp.) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\ax88772b.sys -- (AX88772B)
DRV:64bit: - [2012.04.02 09:28:14 | 014,745,600 | ---- | M] (Intel Corporation) [Kernel | On_Demand | Running] -- C:\Windows\SysNative\drivers\igdkmd64.sys -- (igfx)
DRV:64bit: - [2012.03.27 03:54:40 | 000,331,264 | ---- | M] (Intel(R) Corporation) [Kernel | On_Demand | Running] -- C:\Windows\SysNative\drivers\IntcDAud.sys -- (IntcDAud)
DRV:64bit: - [2012.03.26 18:13:20 | 000,789,272 | ---- | M] (Intel Corporation) [Kernel | On_Demand | Running] -- C:\Windows\SysNative\drivers\iusb3xhc.sys -- (iusb3xhc)
DRV:64bit: - [2012.03.26 18:13:20 | 000,356,632 | ---- | M] (Intel Corporation) [Kernel | On_Demand | Running] -- C:\Windows\SysNative\drivers\iusb3hub.sys -- (iusb3hub)
DRV:64bit: - [2012.03.26 18:13:18 | 000,019,224 | ---- | M] (Intel Corporation) [Kernel | Boot | Running] -- C:\Windows\SysNative\drivers\iusb3hcs.sys -- (iusb3hcs)
DRV:64bit: - [2012.03.21 19:13:14 | 000,060,928 | ---- | M] (Intel Corporation) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\iBtFltCoex.sys -- (ibtfltcoex)
DRV:64bit: - [2012.03.12 22:06:46 | 011,471,872 | ---- | M] (Intel Corporation) [Kernel | On_Demand | Running] -- C:\Windows\SysNative\drivers\Netwsw00.sys -- (NETwNs64)
DRV:64bit: - [2012.03.01 07:46:16 | 000,023,408 | ---- | M] (Microsoft Corporation) [Recognizer | Boot | Unknown] -- C:\Windows\SysNative\drivers\fs_rec.sys -- (Fs_Rec)
DRV:64bit: - [2012.03.01 03:01:08 | 000,568,600 | ---- | M] (Intel Corporation) [Kernel | Boot | Running] -- C:\Windows\SysNative\drivers\iaStor.sys -- (iaStor)
DRV:64bit: - [2012.02.29 19:08:34 | 000,017,152 | ---- | M] (ASUSTek Computer Inc.) [Kernel | On_Demand | Running] -- C:\Windows\SysNative\drivers\AiCharger.sys -- (AiCharger)
DRV:64bit: - [2012.02.24 01:56:32 | 000,107,904 | ---- | M] (Advanced Micro Devices) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\amdsata.sys -- (amdsata)
DRV:64bit: - [2012.02.24 01:56:32 | 000,027,008 | ---- | M] (Advanced Micro Devices) [Kernel | Boot | Running] -- C:\Windows\SysNative\drivers\amdxata.sys -- (amdxata)
DRV:64bit: - [2012.02.20 04:31:06 | 000,357,656 | ---- | M] (Intel Corporation) [Kernel | On_Demand | Running] -- C:\Windows\SysNative\drivers\DptfManager.sys -- (DptfManager)
DRV:64bit: - [2012.02.20 04:31:06 | 000,220,952 | ---- | M] (Intel Corporation) [Kernel | On_Demand | Running] -- C:\Windows\SysNative\drivers\DptfDevProc.sys -- (DptfDevProc)
DRV:64bit: - [2012.02.20 04:31:06 | 000,107,288 | ---- | M] (Intel Corporation) [Kernel | On_Demand | Running] -- C:\Windows\SysNative\drivers\DptfDevDram.sys -- (DptfDevDram)
DRV:64bit: - [2012.02.20 04:31:06 | 000,096,024 | ---- | M] (Intel Corporation) [Kernel | On_Demand | Running] -- C:\Windows\SysNative\drivers\DptfDevPch.sys -- (DptfDevPch)
DRV:64bit: - [2012.02.20 04:31:06 | 000,064,792 | ---- | M] (Intel Corporation) [Kernel | On_Demand | Running] -- C:\Windows\SysNative\drivers\DptfDevGen.sys -- (DptfDevGen)
DRV:64bit: - [2012.02.20 04:31:06 | 000,042,776 | ---- | M] (Intel Corporation) [Kernel | On_Demand | Running] -- C:\Windows\SysNative\drivers\DptfDevFan.sys -- (DptfDevFan)
DRV:64bit: - [2012.02.19 19:16:24 | 000,200,488 | ---- | M] (ELAN Microelectronics Corp.) [Kernel | On_Demand | Running] -- C:\Windows\SysNative\drivers\ETD.sys -- (ETD)
DRV:64bit: - [2012.02.13 17:10:40 | 000,747,008 | ---- | M] (Intel Corporation) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\btmhsf.sys -- (btmhsf)
DRV:64bit: - [2012.02.13 16:53:54 | 000,095,232 | ---- | M] (Intel Corporation) [Kernel | On_Demand | Running] -- C:\Windows\SysNative\drivers\btmaux.sys -- (btmaux)
DRV:64bit: - [2012.01.27 02:37:24 | 000,034,200 | ---- | M] (Intel Corporation) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\intelaud.sys -- (intaud_WaveExtensible)
DRV:64bit: - [2012.01.27 02:37:24 | 000,025,496 | ---- | M] (Intel Corporation) [Kernel | On_Demand | Running] -- C:\Windows\SysNative\drivers\iwdbus.sys -- (iwdbus)
DRV:64bit: - [2012.01.25 14:57:46 | 000,009,728 | ---- | M] (Motorola Mobility Inc) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\motccgpfl.sys -- (motccgpfl)
DRV:64bit: - [2012.01.09 20:32:40 | 000,195,584 | ---- | M] (Windows (R) Win 7 DDK provider) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\AmpPal.sys -- (AMPPALP)
DRV:64bit: - [2012.01.09 20:32:40 | 000,195,584 | ---- | M] (Windows (R) Win 7 DDK provider) [Kernel | On_Demand | Running] -- C:\Windows\SysNative\drivers\AmpPal.sys -- (AMPPAL)
DRV:64bit: - [2011.12.21 22:15:56 | 000,035,968 | ---- | M] (Windows (R) Win 7 DDK provider) [Kernel | On_Demand | Running] -- C:\Windows\SysNative\drivers\AsusVBus.sys -- (AsusVBus)
DRV:64bit: - [2011.11.10 09:04:14 | 000,060,184 | ---- | M] (Intel Corporation) [Kernel | On_Demand | Running] -- C:\Windows\SysNative\drivers\HECIx64.sys -- (MEIx64)
DRV:64bit: - [2011.11.08 03:48:28 | 000,016,512 | ---- | M] (Windows (R) Win 7 DDK provider) [Kernel | On_Demand | Running] -- C:\Windows\SysNative\drivers\AsusVTouch.sys -- (AsusVTouch)
DRV:64bit: - [2011.05.14 00:37:54 | 000,048,488 | ---- | M] (Microsoft Corporation) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\fssfltr.sys -- (fssfltr)
DRV:64bit: - [2011.03.15 11:09:16 | 000,311,400 | ---- | M] (Realtek Semiconductor Corp.) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\rtsuvstor.sys -- (RSUSBVSTOR)
DRV:64bit: - [2010.11.20 14:33:36 | 000,078,720 | ---- | M] (Hewlett-Packard Company) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\HpSAMD.sys -- (HpSAMD)
DRV:64bit: - [2010.11.20 12:07:06 | 000,059,392 | ---- | M] (Microsoft Corporation) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\TsUsbFlt.sys -- (TsUsbFlt)
DRV:64bit: - [2010.11.20 12:07:06 | 000,031,232 | ---- | M] (Microsoft Corporation) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\TsUsbGD.sys -- (TsUsbGD)
DRV:64bit: - [2009.07.20 10:29:40 | 000,015,416 | ---- | M] ( ) [Kernel | On_Demand | Running] -- C:\Windows\SysNative\drivers\kbfiltr.sys -- (kbfiltr)
DRV:64bit: - [2009.07.14 02:52:20 | 000,194,128 | ---- | M] (AMD Technologies Inc.) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\amdsbs.sys -- (amdsbs)
DRV:64bit: - [2009.07.14 02:48:04 | 000,065,600 | ---- | M] (LSI Corporation) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\lsi_sas2.sys -- (LSI_SAS2)
DRV:64bit: - [2009.07.14 02:45:55 | 000,024,656 | ---- | M] (Promise Technology) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\stexstor.sys -- (stexstor)
DRV:64bit: - [2009.07.14 01:09:50 | 000,019,968 | ---- | M] (Microsoft Corporation) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\usb8023x.sys -- (usb_rndisx)
DRV:64bit: - [2009.07.14 00:21:48 | 000,038,400 | ---- | M] (Microsoft Corporation) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\tpm.sys -- (TPM)
DRV:64bit: - [2009.07.10 14:06:50 | 000,031,744 | ---- | M] (Motorola) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\motoandroid.sys -- (motandroidusb)
DRV:64bit: - [2009.06.20 03:09:57 | 001,394,688 | ---- | M] (Atheros Communications, Inc.) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\athrx.sys -- (athr)
DRV:64bit: - [2009.06.10 22:01:06 | 001,146,880 | ---- | M] (LSI Corp) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\agrsm64.sys -- (AgereSoftModem)
DRV:64bit: - [2009.06.10 21:35:57 | 000,056,832 | ---- | M] (Silicon Integrated Systems Corp.) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\SiSG664.sys -- (SiSGbeLH)
DRV:64bit: - [2009.06.10 21:34:33 | 003,286,016 | ---- | M] (Broadcom Corporation) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\evbda.sys -- (ebdrv)
DRV:64bit: - [2009.06.10 21:34:28 | 000,468,480 | ---- | M] (Broadcom Corporation) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\bxvbda.sys -- (b06bdrv)
DRV:64bit: - [2009.06.10 21:34:23 | 000,270,848 | ---- | M] (Broadcom Corporation) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\b57nd60a.sys -- (b57nd60a)
DRV:64bit: - [2009.06.10 21:34:18 | 000,057,344 | ---- | M] (Atheros Communications, Inc.) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\L1C62x64.sys -- (L1C)
DRV:64bit: - [2009.06.10 21:31:59 | 000,031,232 | ---- | M] (Hauppauge Computer Works, Inc.) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\hcw85cir.sys -- (hcw85cir)
DRV:64bit: - [2009.01.29 18:11:38 | 000,006,144 | ---- | M] (Motorola Inc) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\motfilt.sys -- (BTCFilterService)
DRV:64bit: - [2008.05.24 01:27:28 | 000,154,168 | ---- | M] (Microsoft Corporation) [File_System | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\WimFltr.sys -- (WimFltr)
DRV:64bit: - [2007.03.01 11:12:16 | 000,103,936 | ---- | M] (MCCI Corporation) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\slabser.sys -- (slabser)
DRV:64bit: - [2007.03.01 11:12:16 | 000,079,872 | ---- | M] (MCCI Corporation) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\slabbus.sys -- (slabbus)
DRV - [2012.02.29 19:08:34 | 000,017,152 | ---- | M] (ASUSTek Computer Inc.) [Kernel | On_Demand | Running] -- C:\Windows\SysWOW64\drivers\AiCharger.sys -- (AiCharger)
DRV - [2011.05.25 18:06:20 | 000,017,536 | ---- | M] (ASUS) [Kernel | System | Running] -- C:\Program Files (x86)\ASUS\ATK Package\ATK WMIACPI\atkwmiacpi64.sys -- (ATKWMIACPIIO)
DRV - [2009.07.14 02:19:10 | 000,019,008 | ---- | M] (Microsoft Corporation) [File_System | On_Demand | Stopped] -- C:\Windows\SysWOW64\drivers\wimmount.sys -- (WIMMount)
DRV - [2009.07.02 16:36:14 | 000,015,416 | ---- | M] (ASUS) [Kernel | Auto | Running] -- C:\Program Files (x86)\ASUS\ATK Package\ATKGFNEX\ASMMAP64.sys -- (ASMMAP64)
 
 
========== Standard Registry (SafeList) ==========
 
 
========== Internet Explorer ==========
 
IE:64bit: - HKLM\SOFTWARE\Microsoft\Internet Explorer\Main,Start Page = hxxp://asus.msn.com
IE:64bit: - HKLM\..\SearchScopes,DefaultScope = {0633EE93-D776-472f-A0FF-E1416B8B2E3A}
IE:64bit: - HKLM\..\SearchScopes\{0633EE93-D776-472f-A0FF-E1416B8B2E3A}: "URL" = hxxp://www.bing.com/search?q={searchTerms}&form=ASUTDF&pc=NP06&src=IE-SearchBox
IE - HKLM\SOFTWARE\Microsoft\Internet Explorer\Main,Local Page = C:\Windows\SysWOW64\blank.htm
IE - HKLM\SOFTWARE\Microsoft\Internet Explorer\Main,Start Page = hxxp://asus.msn.com
IE - HKLM\..\SearchScopes,DefaultScope = {0633EE93-D776-472f-A0FF-E1416B8B2E3A}
IE - HKLM\..\SearchScopes\{0633EE93-D776-472f-A0FF-E1416B8B2E3A}: "URL" = hxxp://www.bing.com/search?q={searchTerms}&form=ASUTDF&pc=NP06&src=IE-SearchBox
 
IE - HKCU\SOFTWARE\Microsoft\Internet Explorer\Main,Default_Page_URL = hxxp://asus.msn.com
IE - HKCU\SOFTWARE\Microsoft\Internet Explorer\Main,Start Page = hxxp://asus.msn.com
IE - HKCU\..\SearchScopes,DefaultScope = {0633EE93-D776-472f-A0FF-E1416B8B2E3A}
IE - HKCU\Software\Microsoft\Windows\CurrentVersion\Internet Settings: "ProxyEnable" = 0
 
========== FireFox ==========
 
FF - user.js - File not found
 
FF:64bit: - HKLM\Software\MozillaPlugins\@adobe.com/FlashPlayer: C:\Windows\system32\Macromed\Flash\NPSWF64_11_5_502_146.dll File not found
FF:64bit: - HKLM\Software\MozillaPlugins\@java.com/DTPlugin,version=10.10.2: C:\Windows\system32\npDeployJava1.dll (Oracle Corporation)
FF:64bit: - HKLM\Software\MozillaPlugins\@java.com/JavaPlugin,version=10.10.2: C:\Program Files\Java\jre7\bin\plugin2\npjp2.dll (Oracle Corporation)
FF:64bit: - HKLM\Software\MozillaPlugins\@microsoft.com/GENUINE: disabled File not found
FF:64bit: - HKLM\Software\MozillaPlugins\@microsoft.com/OfficeAuthz,version=14.0: C:\PROGRA~1\MICROS~2\Office14\NPAUTHZ.DLL (Microsoft Corporation)
FF:64bit: - HKLM\Software\MozillaPlugins\@videolan.org/vlc,version=2.0.4: d:\Programme\VideoLAN\VLC\npvlc.dll (VideoLAN)
FF - HKLM\Software\MozillaPlugins\@adobe.com/FlashPlayer: C:\Windows\SysWOW64\Macromed\Flash\NPSWF32_11_5_502_146.dll ()
FF - HKLM\Software\MozillaPlugins\@intel-webapi.intel.com/Intel WebAPI ipt;version=2.0.59: C:\Program Files (x86)\Intel\Intel(R) Management Engine Components\IPT\npIntelWebAPIIPT.dll (Intel Corporation)
FF - HKLM\Software\MozillaPlugins\@intel-webapi.intel.com/Intel WebAPI updater: C:\Program Files (x86)\Intel\Intel(R) Management Engine Components\IPT\npIntelWebAPIUpdater.dll (Intel Corporation)
FF - HKLM\Software\MozillaPlugins\@java.com/DTPlugin,version=10.10.2: C:\Windows\SysWOW64\npDeployJava1.dll (Oracle Corporation)
FF - HKLM\Software\MozillaPlugins\@java.com/JavaPlugin,version=10.10.2: C:\Program Files (x86)\Java\jre7\bin\plugin2\npjp2.dll (Oracle Corporation)
FF - HKLM\Software\MozillaPlugins\@microsoft.com/GENUINE: disabled File not found
FF - HKLM\Software\MozillaPlugins\@Microsoft.com/NpCtrl,version=1.0: C:\Program Files (x86)\Microsoft Silverlight\4.1.10329.0\npctrl.dll ( Microsoft Corporation)
FF - HKLM\Software\MozillaPlugins\@microsoft.com/OfficeAuthz,version=14.0: D:\PROGRA~1\MICROS~1\Office14\NPAUTHZ.DLL (Microsoft Corporation)
FF - HKLM\Software\MozillaPlugins\@microsoft.com/SharePoint,version=14.0: D:\PROGRA~1\MICROS~1\Office14\NPSPWRAP.DLL (Microsoft Corporation)
FF - HKLM\Software\MozillaPlugins\@microsoft.com/WLPG,version=15.4.3502.0922: C:\Program Files (x86)\Windows Live\Photo Gallery\NPWLPG.dll (Microsoft Corporation)
FF - HKLM\Software\MozillaPlugins\@microsoft.com/WLPG,version=15.4.3538.0513: C:\Program Files (x86)\Windows Live\Photo Gallery\NPWLPG.dll (Microsoft Corporation)
FF - HKLM\Software\MozillaPlugins\@tools.google.com/Google Update;version=3: C:\Program Files (x86)\Google\Update\1.3.21.79\npGoogleUpdate3.dll (Google Inc.)
FF - HKLM\Software\MozillaPlugins\@tools.google.com/Google Update;version=9: C:\Program Files (x86)\Google\Update\1.3.21.79\npGoogleUpdate3.dll (Google Inc.)
FF - HKLM\Software\MozillaPlugins\Adobe Reader: C:\Program Files (x86)\Adobe\Reader 10.0\Reader\AIR\nppdf32.dll (Adobe Systems Inc.)
 
FF - HKEY_LOCAL_MACHINE\software\mozilla\Mozilla Firefox 15.0.1\extensions\\Components: D:\Programme\Mozilla Firefox\components [2012.11.18 21:53:10 | 000,000,000 | ---D | M]
FF - HKEY_LOCAL_MACHINE\software\mozilla\Mozilla Firefox 15.0.1\extensions\\Plugins: D:\Programme\Mozilla Firefox\plugins
FF - HKEY_LOCAL_MACHINE\software\mozilla\Mozilla Thunderbird 13.0.1\extensions\\Components: d:\Programme\Mozilla Thunderbird\components [2013.01.09 21:36:49 | 000,000,000 | ---D | M]
FF - HKEY_LOCAL_MACHINE\software\mozilla\Mozilla Thunderbird 13.0.1\extensions\\Plugins: d:\Programme\Mozilla Thunderbird\plugins
FF - HKEY_CURRENT_USER\software\mozilla\Mozilla Firefox 16.0.2\extensions\\Components: D:\Programme\Mozilla Firefox\components [2012.11.18 21:53:10 | 000,000,000 | ---D | M]
FF - HKEY_CURRENT_USER\software\mozilla\Mozilla Firefox 16.0.2\extensions\\Plugins: D:\Programme\Mozilla Firefox\plugins
FF - HKEY_CURRENT_USER\software\mozilla\Mozilla Thunderbird 17.0.2\extensions\\Components: D:\Programme\Mozilla Thunderbird\components [2013.01.09 21:36:49 | 000,000,000 | ---D | M]
FF - HKEY_CURRENT_USER\software\mozilla\Mozilla Thunderbird 17.0.2\extensions\\Plugins: D:\Programme\Mozilla Thunderbird\plugins
 
[2012.06.21 01:01:12 | 000,000,000 | ---D | M] (No name found) -- C:\Users\***\AppData\Roaming\mozilla\Extensions
[2012.10.23 13:56:32 | 000,000,000 | ---D | M] (No name found) -- C:\Users\***\AppData\Roaming\mozilla\Firefox\Profiles\w09thd6h.default\extensions
 
O1 HOSTS File: ([2009.06.10 22:00:26 | 000,000,824 | ---- | M]) - C:\Windows\SysNative\drivers\etc\hosts
O2:64bit: - BHO: (AVG Safe Search) - {3CA2F312-6F6E-4B53-A66E-4E65E497C8C0} - D:\Programme\Sicherheit\AVG2012\avgssiea.dll File not found
O2:64bit: - BHO: (Java(tm) Plug-In SSV Helper) - {761497BB-D6F0-462C-B6EB-D4DAF1D92D43} - C:\Program Files\Java\jre7\bin\ssv.dll (Oracle Corporation)
O2:64bit: - BHO: (Office Document Cache Handler) - {B4F3A835-0E21-4959-BA22-42B3008E02FF} - C:\PROGRA~1\MICROS~2\Office14\URLREDIR.DLL (Microsoft Corporation)
O2:64bit: - BHO: (Java(tm) Plug-In 2 SSV Helper) - {DBC80044-A445-435b-BC74-9C25C1C588A9} - C:\Program Files\Java\jre7\bin\jp2ssv.dll (Oracle Corporation)
O2 - BHO: (AVG Safe Search) - {3CA2F312-6F6E-4B53-A66E-4E65E497C8C0} - D:\Programme\Sicherheit\AVG2012\avgssie.dll File not found
O2 - BHO: (Java(tm) Plug-In SSV Helper) - {761497BB-D6F0-462C-B6EB-D4DAF1D92D43} - C:\Program Files (x86)\Java\jre7\bin\ssv.dll (Oracle Corporation)
O2 - BHO: (Office Document Cache Handler) - {B4F3A835-0E21-4959-BA22-42B3008E02FF} - D:\Programme\Microsoft Office\Office14\URLREDIR.DLL (Microsoft Corporation)
O2 - BHO: (Java(tm) Plug-In 2 SSV Helper) - {DBC80044-A445-435b-BC74-9C25C1C588A9} - C:\Program Files (x86)\Java\jre7\bin\jp2ssv.dll (Oracle Corporation)
O3:64bit: - HKLM\..\Toolbar: (no name) - Locked - No CLSID value found.
O3 - HKLM\..\Toolbar: (no name) - Locked - No CLSID value found.
O4:64bit: - HKLM..\Run: [BLEServicesCtrl] C:\Program Files (x86)\Intel\Bluetooth\BleServicesCtrl.exe (Intel Corporation)
O4:64bit: - HKLM..\Run: [BTMTrayAgent] C:\Program Files (x86)\Intel\Bluetooth\btmshell.dll (Intel Corporation)
O4:64bit: - HKLM..\Run: [DptfPolicyLpmServiceHelper] C:\Windows\SysWOW64\DptfPolicyLpmServiceHelper.exe File not found
O4:64bit: - HKLM..\Run: [ETDCtrl] C:\Program Files\Elantech\ETDCtrl.exe (ELAN Microelectronics Corp.)
O4:64bit: - HKLM..\Run: [HotKeysCmds] C:\Windows\SysNative\hkcmd.exe (Intel Corporation)
O4:64bit: - HKLM..\Run: [IgfxTray] C:\Windows\SysNative\igfxtray.exe (Intel Corporation)
O4:64bit: - HKLM..\Run: [RTHDVCPL] C:\Program Files\Realtek\Audio\HDA\RAVCpl64.exe (Realtek Semiconductor)
O4 - HKLM..\Run: [ACMON] C:\Program Files (x86)\ASUS\Splendid\ACMON.exe (ASUS)
O4 - HKLM..\Run: [Adobe Reader Speed Launcher] C:\Program Files (x86)\Adobe\Reader 10.0\Reader\Reader_sl.exe (Adobe Systems Incorporated)
O4 - HKLM..\Run: [ASUS Screen Saver Protector] C:\Windows\AsScrPro.exe (ASUS)
O4 - HKLM..\Run: [ASUSPRP] C:\Program Files (x86)\ASUS\APRP\APRP.EXE (ASUSTek Computer Inc.)
O4 - HKLM..\Run: [ASUSWebStorage] C:\Program Files (x86)\ASUS\ASUS WebStorage\3.0.108.222\AsusWSPanel.exe (ecareme)
O4 - HKLM..\Run: [ATKMEDIA] C:\Program Files (x86)\ASUS\ATK Package\ATK Media\DMedia.exe (ASUS)
O4 - HKLM..\Run: [ATKOSD2] C:\Program Files (x86)\ASUS\ATK Package\ATKOSD2\ATKOSD2.exe (ASUS)
O4 - HKLM..\Run: [AVG_UI] C:\Program Files (x86)\AVG\AVG2013\avgui.exe (AVG Technologies CZ, s.r.o.)
O4 - HKLM..\Run: [HControlUser] C:\Program Files (x86)\ASUS\ATK Package\ATK Hotkey\HControlUser.exe (ASUS)
O4 - HKLM..\Run: [USB3MON] C:\Program Files (x86)\Intel\Intel(R) USB 3.0 eXtensible Host Controller Driver\Application\iusb3mon.exe (Intel Corporation)
O4 - HKLM..\Run: [Wireless Console 3] C:\Program Files (x86)\ASUS\Wireless Console 3\wcourier.exe (ASUSTeK Computer Inc.)
O4 - Startup: C:\Users\***\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Startup\Dropbox.lnk = C:\Users\***\AppData\Roaming\Dropbox\bin\Dropbox.exe (Dropbox, Inc.)
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoActiveDesktop = 1
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoActiveDesktopChanges = 1
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\System: ConsentPromptBehaviorAdmin = 5
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\System: ConsentPromptBehaviorUser = 3
O8:64bit: - Extra context menu item: An OneNote s&enden - D:\Programme\Microsoft Office\Office14\ONBttnIE.dll (Microsoft Corporation)
O8:64bit: - Extra context menu item: Nach Microsoft E&xcel exportieren - D:\Programme\Microsoft Office\Office14\EXCEL.EXE (Microsoft Corporation)
O8 - Extra context menu item: An OneNote s&enden - D:\Programme\Microsoft Office\Office14\ONBttnIE.dll (Microsoft Corporation)
O8 - Extra context menu item: Nach Microsoft E&xcel exportieren - D:\Programme\Microsoft Office\Office14\EXCEL.EXE (Microsoft Corporation)
O9 - Extra Button: An OneNote senden - {2670000A-7350-4f3c-8081-5663EE0C6C49} - D:\Programme\Microsoft Office\Office14\ONBttnIE.dll (Microsoft Corporation)
O9 - Extra 'Tools' menuitem : An OneNote s&enden - {2670000A-7350-4f3c-8081-5663EE0C6C49} - D:\Programme\Microsoft Office\Office14\ONBttnIE.dll (Microsoft Corporation)
O9 - Extra Button: Verknüpfte &OneNote-Notizen - {789FE86F-6FC4-46A1-9849-EDE0DB0C95CA} - D:\Programme\Microsoft Office\Office14\ONBttnIELinkedNotes.dll (Microsoft Corporation)
O9 - Extra 'Tools' menuitem : Verknüpfte &OneNote-Notizen - {789FE86F-6FC4-46A1-9849-EDE0DB0C95CA} - D:\Programme\Microsoft Office\Office14\ONBttnIELinkedNotes.dll (Microsoft Corporation)
O1364bit: - gopher Prefix: missing
O13 - gopher Prefix: missing
O17 - HKLM\System\CCS\Services\Tcpip\Parameters: DhcpNameServer = 192.168.10.1
O17 - HKLM\System\CCS\Services\Tcpip\Parameters\Interfaces\{1CE57E34-4738-45D0-B7D8-5C6630104BD7}: DhcpNameServer = 100.100.3.213
O17 - HKLM\System\CCS\Services\Tcpip\Parameters\Interfaces\{32597F59-5609-4802-BA57-63A2EECD86B4}: DhcpNameServer = 192.168.10.1
O17 - HKLM\System\CCS\Services\Tcpip\Parameters\Interfaces\{E990B53D-A4D4-4F9C-8314-EC9B4EA7BE4E}: DhcpNameServer = 192.168.42.129
O18:64bit: - Protocol\Handler\linkscanner {F274614C-63F8-47D5-A4D1-FBDDE494F8D1} - D:\Programme\Sicherheit\AVG2012\avgppa.dll File not found
O18:64bit: - Protocol\Handler\livecall - No CLSID value found
O18:64bit: - Protocol\Handler\ms-help - No CLSID value found
O18:64bit: - Protocol\Handler\msnim - No CLSID value found
O18:64bit: - Protocol\Handler\skype4com - No CLSID value found
O18:64bit: - Protocol\Handler\wlmailhtml - No CLSID value found
O18:64bit: - Protocol\Handler\wlpg - No CLSID value found
O18 - Protocol\Handler\linkscanner {F274614C-63F8-47D5-A4D1-FBDDE494F8D1} - D:\Programme\Sicherheit\AVG2012\avgpp.dll File not found
O18 - Protocol\Handler\skype4com {FFC8B962-9B40-4DFF-9458-1830C7DD7F5D} - C:\PROGRA~2\COMMON~1\Skype\SKYPE4~1.DLL (Skype Technologies)
O20:64bit: - HKLM Winlogon: Shell - (explorer.exe) - C:\Windows\explorer.exe (Microsoft Corporation)
O20:64bit: - HKLM Winlogon: UserInit - (C:\Windows\system32\userinit.exe) - C:\Windows\SysNative\userinit.exe (Microsoft Corporation)
O20 - HKLM Winlogon: Shell - (explorer.exe) - C:\Windows\SysWow64\explorer.exe (Microsoft Corporation)
O20 - HKLM Winlogon: UserInit - (userinit.exe) - C:\Windows\SysWow64\userinit.exe (Microsoft Corporation)
O20 - HKCU Winlogon: Shell - (explorer.exe) - C:\Windows\SysWow64\explorer.exe (Microsoft Corporation)
O20 - HKCU Winlogon: Shell - (C:\Users\***\AppData\Roaming\skype.dat) - C:\Users\***\AppData\Roaming\skype.dat ()
O20:64bit: - Winlogon\Notify\igfxcui: DllName - (igfxdev.dll) - C:\Windows\SysNative\igfxdev.dll (Intel Corporation)
O21:64bit: - SSODL: WebCheck - {E6FB5E20-DE35-11CF-9C87-00AA005127ED} - No CLSID value found.
O21 - SSODL: WebCheck - {E6FB5E20-DE35-11CF-9C87-00AA005127ED} - No CLSID value found.
O32 - HKLM CDRom: AutoRun - 1
O34 - HKLM BootExecute: (autocheck autochk *)
O35:64bit: - HKLM\..comfile [open] -- "%1" %*
O35:64bit: - HKLM\..exefile [open] -- "%1" %*
O35 - HKLM\..comfile [open] -- "%1" %*
O35 - HKLM\..exefile [open] -- "%1" %*
O37:64bit: - HKLM\...com [@ = comfile] -- "%1" %*
O37:64bit: - HKLM\...exe [@ = exefile] -- "%1" %*
O37 - HKLM\...com [@ = comfile] -- "%1" %*
O37 - HKLM\...exe [@ = exefile] -- "%1" %*
O38 - SubSystems\\Windows: (ServerDll=winsrv:UserServerDllInitialization,3)
O38 - SubSystems\\Windows: (ServerDll=winsrv:ConServerDllInitialization,2)
O38 - SubSystems\\Windows: (ServerDll=sxssrv,4)
 
========== Files/Folders - Created Within 30 Days ==========
 
[2013.01.15 22:53:01 | 000,602,112 | ---- | C] (OldTimer Tools) -- C:\Users\***\Desktop\OTL.exe
[2013.01.15 21:47:10 | 000,000,000 | ---D | C] -- C:\Program Files (x86)\ESET
[2013.01.10 18:10:11 | 000,000,000 | ---D | C] -- C:\ProgramData\Microsoft\Windows\Start Menu\Programs\AVG
[2013.01.08 01:12:07 | 000,000,000 | ---D | C] -- C:\Program Files (x86)\Common Files\Java
[2013.01.08 01:11:40 | 000,000,000 | ---D | C] -- C:\Program Files (x86)\Java
[2013.01.08 00:59:05 | 000,000,000 | ---D | C] -- C:\ProgramData\Diving Log
[2013.01.08 00:58:35 | 000,000,000 | ---D | C] -- C:\Users\***\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Diving Log 5.0
[2013.01.08 00:58:07 | 000,000,000 | ---D | C] -- C:\Users\***\Documents\Diving Log
[2013.01.08 00:49:24 | 000,000,000 | ---D | C] -- C:\ProgramData\Microsoft\Windows\Start Menu\Programs\OSTC
[2013.01.08 00:47:41 | 000,000,000 | ---D | C] -- C:\Users\***\AppData\Roaming\OSTC
[2013.01.06 01:52:34 | 000,000,000 | ---D | C] -- C:\Users\***\AppData\Roaming\.minecraft
[2012.12.28 17:17:26 | 000,000,000 | ---D | C] -- C:\ProgramData\Motorola
[2012.12.28 17:07:13 | 000,000,000 | ---D | C] -- C:\Temp
[2012.12.28 17:07:13 | 000,000,000 | ---D | C] -- C:\Users\***\AppData\Roaming\Motorola Mobility
[2012.12.28 17:06:41 | 000,000,000 | ---D | C] -- C:\Program Files (x86)\Common Files\MSSoap
[2012.12.28 17:06:40 | 000,000,000 | ---D | C] -- C:\Program Files (x86)\Motorola Mobility
[2012.12.28 17:06:40 | 000,000,000 | ---D | C] -- C:\Program Files (x86)\Motorola
[2012.12.28 17:06:33 | 000,000,000 | ---D | C] -- C:\Program Files (x86)\MSXML 4.0
[2012.12.28 17:06:09 | 000,000,000 | ---D | C] -- C:\Program Files\Common Files\Motorola Shared
[2012.12.28 17:06:09 | 000,000,000 | ---D | C] -- C:\Program Files\Motorola Inc
[2012.12.28 17:04:58 | 000,000,000 | ---D | C] -- C:\Users\***\AppData\Roaming\Motorola
[2012.12.28 16:29:52 | 000,000,000 | ---D | C] -- C:\Users\***\AppData\Roaming\MyPhoneExplorer
[2012.12.28 16:18:14 | 000,000,000 | ---D | C] -- C:\ProgramData\Microsoft\Windows\Start Menu\Programs\MyPhoneExplorer
 
========== Files - Modified Within 30 Days ==========
 
[2013.01.15 22:56:07 | 000,000,000 | ---- | M] () -- C:\Users\***\defogger_reenable
[2013.01.15 22:53:01 | 000,602,112 | ---- | M] (OldTimer Tools) -- C:\Users\***\Desktop\OTL.exe
[2013.01.15 22:52:54 | 000,365,568 | ---- | M] () -- C:\Users\***\Desktop\gmer-2.0.18444.exe
[2013.01.15 22:52:24 | 000,050,477 | ---- | M] () -- C:\Users\***\Desktop\Defogger.exe
[2013.01.15 22:34:01 | 000,000,912 | ---- | M] () -- C:\Windows\tasks\GoogleUpdateTaskMachineUA.job
[2013.01.15 22:21:02 | 000,000,884 | ---- | M] () -- C:\Windows\tasks\Adobe Flash Player Updater.job
[2013.01.15 21:05:59 | 009,126,514 | ---- | M] () -- C:\Windows\SysNative\PerfStringBackup.INI
[2013.01.15 21:05:59 | 000,742,874 | ---- | M] () -- C:\Windows\SysNative\perfh00C.dat
[2013.01.15 21:05:59 | 000,742,718 | ---- | M] () -- C:\Windows\SysNative\perfh00A.dat
[2013.01.15 21:05:59 | 000,740,588 | ---- | M] () -- C:\Windows\SysNative\perfh013.dat
[2013.01.15 21:05:59 | 000,737,410 | ---- | M] () -- C:\Windows\SysNative\perfh010.dat
[2013.01.15 21:05:59 | 000,726,410 | ---- | M] () -- C:\Windows\SysNative\prfh0816.dat
[2013.01.15 21:05:59 | 000,721,942 | ---- | M] () -- C:\Windows\SysNative\perfh019.dat
[2013.01.15 21:05:59 | 000,704,488 | ---- | M] () -- C:\Windows\SysNative\perfh007.dat
[2013.01.15 21:05:59 | 000,659,766 | ---- | M] () -- C:\Windows\SysNative\perfh009.dat
[2013.01.15 21:05:59 | 000,604,094 | ---- | M] () -- C:\Windows\SysNative\perfh008.dat
[2013.01.15 21:05:59 | 000,476,636 | ---- | M] () -- C:\Windows\SysNative\perfh001.dat
[2013.01.15 21:05:59 | 000,407,076 | ---- | M] () -- C:\Windows\SysNative\prfh0404.dat
[2013.01.15 21:05:59 | 000,390,202 | ---- | M] () -- C:\Windows\SysNative\perfh00D.dat
[2013.01.15 21:05:59 | 000,160,346 | ---- | M] () -- C:\Windows\SysNative\perfc00A.dat
[2013.01.15 21:05:59 | 000,154,938 | ---- | M] () -- C:\Windows\SysNative\perfc013.dat
[2013.01.15 21:05:59 | 000,154,910 | ---- | M] () -- C:\Windows\SysNative\prfc0816.dat
[2013.01.15 21:05:59 | 000,152,502 | ---- | M] () -- C:\Windows\SysNative\perfc019.dat
[2013.01.15 21:05:59 | 000,151,314 | ---- | M] () -- C:\Windows\SysNative\perfc00C.dat
[2013.01.15 21:05:59 | 000,151,270 | ---- | M] () -- C:\Windows\SysNative\perfc007.dat
[2013.01.15 21:05:59 | 000,148,810 | ---- | M] () -- C:\Windows\SysNative\perfc010.dat
[2013.01.15 21:05:59 | 000,124,216 | ---- | M] () -- C:\Windows\SysNative\prfc0404.dat
[2013.01.15 21:05:59 | 000,124,216 | ---- | M] () -- C:\Windows\SysNative\perfc009.dat
[2013.01.15 21:05:59 | 000,113,014 | ---- | M] () -- C:\Windows\SysNative\perfc008.dat
[2013.01.15 21:05:59 | 000,096,812 | ---- | M] () -- C:\Windows\SysNative\perfc001.dat
[2013.01.15 21:05:59 | 000,086,922 | ---- | M] () -- C:\Windows\SysNative\perfc00D.dat
[2013.01.15 21:05:26 | 000,009,696 | -H-- | M] () -- C:\Windows\SysNative\7B296FB0-376B-497e-B012-9C450E1B7327-5P-1.C7483456-A289-439d-8115-601632D005A0
[2013.01.15 21:05:26 | 000,009,696 | -H-- | M] () -- C:\Windows\SysNative\7B296FB0-376B-497e-B012-9C450E1B7327-5P-0.C7483456-A289-439d-8115-601632D005A0
[2013.01.15 21:00:38 | 000,000,004 | ---- | M] () -- C:\Users\***\AppData\Roaming\skype.ini
[2013.01.15 21:00:19 | 000,000,387 | ---- | M] () -- C:\Users\***\AppData\Roaming\sp_data.sys
[2013.01.15 20:58:17 | 000,000,828 | ---- | M] () -- C:\Windows\tasks\ISM-UpdateService-4e00205a-2ab1-4423-8f77-cc25b82cde1d-Logon.job
[2013.01.15 20:58:16 | 000,000,908 | ---- | M] () -- C:\Windows\tasks\GoogleUpdateTaskMachineCore.job
[2013.01.15 20:58:14 | 000,067,584 | --S- | M] () -- C:\Windows\bootstat.dat
[2013.01.15 20:58:12 | 3131,482,112 | -HS- | M] () -- C:\hiberfil.sys
[2013.01.15 18:51:51 | 000,002,021 | ---- | M] () -- C:\Users\Public\Desktop\Adobe Reader X.lnk
[2013.01.15 18:51:01 | 000,000,830 | ---- | M] () -- C:\Windows\tasks\ISM-UpdateService-4e00205a-2ab1-4423-8f77-cc25b82cde1d.job
[2013.01.13 23:49:36 | 000,417,056 | ---- | M] () -- C:\Windows\SysNative\FNTCACHE.DAT
[2013.01.13 23:17:35 | 009,083,500 | ---- | M] () -- C:\Windows\SysWow64\PerfStringBackup.INI
[2013.01.10 18:10:11 | 000,000,983 | ---- | M] () -- C:\Users\Public\Desktop\AVG 2013.lnk
[2013.01.08 01:21:27 | 000,000,116 | ---- | M] () -- C:\Users\***\.jdivelog
[2013.01.08 01:17:25 | 000,000,679 | ---- | M] () -- C:\Users\***\Desktop\jdivelog.lnk
[2013.01.08 00:58:35 | 000,000,664 | ---- | M] () -- C:\Users\***\Desktop\Diving Log 5.0.lnk
[2013.01.08 00:55:03 | 000,004,127 | ---- | M] () -- C:\Users\***\OSTC Planner Defaults.ini
[2013.01.08 00:49:25 | 000,001,659 | ---- | M] () -- C:\Users\Public\Desktop\OSTC Planner 451.lnk
[2012.12.28 17:18:50 | 000,000,000 | -H-- | M] () -- C:\Windows\SysNative\drivers\Msft_Kernel_motmodem_01007.Wdf
[2012.12.28 17:17:39 | 000,000,000 | -H-- | M] () -- C:\Windows\SysNative\drivers\Msft_Kernel_Motousbnet_01007.Wdf
[2012.12.28 17:17:39 | 000,000,000 | -H-- | M] () -- C:\Windows\SysNative\drivers\Msft_Kernel_motfilt_01007.Wdf
[2012.12.28 17:17:14 | 000,000,000 | -H-- | M] () -- C:\Windows\SysNative\drivers\Msft_Kernel_motccgpfl_01007.Wdf
[2012.12.28 17:17:14 | 000,000,000 | -H-- | M] () -- C:\Windows\SysNative\drivers\Msft_Kernel_motccgp_01007.Wdf
[2012.12.28 17:08:33 | 000,000,000 | -H-- | M] () -- C:\Windows\SysNative\drivers\Msft_Kernel_motoandroid_01007.Wdf
[2012.12.28 16:18:14 | 000,000,900 | ---- | M] () -- C:\Users\Public\Desktop\MyPhoneExplorer.lnk
[2012.12.24 13:09:26 | 000,001,051 | ---- | M] () -- C:\Users\***\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Startup\Dropbox.lnk
[2012.12.24 13:09:12 | 000,001,017 | ---- | M] () -- C:\Users\***\Desktop\Dropbox.lnk
 
========== Files Created - No Company Name ==========
 
[2013.01.15 22:56:07 | 000,000,000 | ---- | C] () -- C:\Users\***\defogger_reenable
[2013.01.15 22:52:54 | 000,365,568 | ---- | C] () -- C:\Users\***\Desktop\gmer-2.0.18444.exe
[2013.01.15 22:52:24 | 000,050,477 | ---- | C] () -- C:\Users\***\Desktop\Defogger.exe
[2013.01.15 20:51:36 | 000,000,004 | ---- | C] () -- C:\Users\***\AppData\Roaming\skype.ini
[2013.01.08 01:17:25 | 000,000,679 | ---- | C] () -- C:\Users\***\Desktop\jdivelog.lnk
[2013.01.08 01:17:15 | 000,000,116 | ---- | C] () -- C:\Users\***\.jdivelog
[2013.01.08 00:58:35 | 000,000,664 | ---- | C] () -- C:\Users\***\Desktop\Diving Log 5.0.lnk
[2013.01.08 00:49:29 | 000,004,127 | ---- | C] () -- C:\Users\***\OSTC Planner Defaults.ini
[2013.01.08 00:49:25 | 000,001,659 | ---- | C] () -- C:\Users\Public\Desktop\OSTC Planner 451.lnk
[2012.12.28 17:18:50 | 000,000,000 | -H-- | C] () -- C:\Windows\SysNative\drivers\Msft_Kernel_motmodem_01007.Wdf
[2012.12.28 17:17:39 | 000,000,000 | -H-- | C] () -- C:\Windows\SysNative\drivers\Msft_Kernel_Motousbnet_01007.Wdf
[2012.12.28 17:17:39 | 000,000,000 | -H-- | C] () -- C:\Windows\SysNative\drivers\Msft_Kernel_motfilt_01007.Wdf
[2012.12.28 17:17:14 | 000,000,000 | -H-- | C] () -- C:\Windows\SysNative\drivers\Msft_Kernel_motccgpfl_01007.Wdf
[2012.12.28 17:17:14 | 000,000,000 | -H-- | C] () -- C:\Windows\SysNative\drivers\Msft_Kernel_motccgp_01007.Wdf
[2012.12.28 17:08:33 | 000,000,000 | -H-- | C] () -- C:\Windows\SysNative\drivers\Msft_Kernel_motoandroid_01007.Wdf
[2012.12.28 16:18:14 | 000,000,900 | ---- | C] () -- C:\Users\Public\Desktop\MyPhoneExplorer.lnk
[2012.06.21 00:33:06 | 000,000,387 | ---- | C] () -- C:\Users\***\AppData\Roaming\sp_data.sys
[2012.04.30 08:51:35 | 000,019,968 | ---- | C] () -- C:\Windows\SysWow64\DptfPolicyConfigTDPService.exe
[2012.04.30 08:51:35 | 000,018,944 | ---- | C] () -- C:\Windows\SysWow64\DptfParticipantProcessorService.exe
[2012.04.30 08:51:35 | 000,012,288 | ---- | C] () -- C:\Windows\SysWow64\DptfPolicyConfigTDPDll.dll
[2012.04.30 08:50:53 | 000,755,188 | ---- | C] () -- C:\Windows\SysWow64\igkrng700.bin
[2012.04.30 08:50:47 | 000,561,508 | ---- | C] () -- C:\Windows\SysWow64\igfcg700m.bin
[2012.04.30 08:50:38 | 000,058,880 | ---- | C] () -- C:\Windows\SysWow64\igdde32.dll
[2012.04.30 08:50:34 | 013,024,256 | ---- | C] () -- C:\Windows\SysWow64\ig7icd32.dll
[2012.02.24 03:42:37 | 000,131,984 | ---- | C] () -- C:\ProgramData\FullRemove.exe
[2012.02.24 03:28:11 | 009,083,500 | ---- | C] () -- C:\Windows\SysWow64\PerfStringBackup.INI
[2012.02.24 02:33:03 | 000,059,392 | ---- | C] () -- C:\Users\***\AppData\Roaming\skype.dat
[2012.02.03 06:08:26 | 000,001,536 | ---- | C] () -- C:\Windows\SysWow64\IusEventLog.dll
 
========== ZeroAccess Check ==========
 
[2009.07.14 05:55:00 | 000,000,227 | RHS- | M] () -- C:\Windows\assembly\Desktop.ini
 
[HKEY_CURRENT_USER\Software\Classes\clsid\{42aedc87-2188-41fd-b9a3-0c966feabec1}\InProcServer32] /64
 
[HKEY_CURRENT_USER\Software\Classes\Wow6432node\clsid\{42aedc87-2188-41fd-b9a3-0c966feabec1}\InProcServer32]
 
[HKEY_CURRENT_USER\Software\Classes\clsid\{fbeb8a05-beee-4442-804e-409d6c4515e9}\InProcServer32] /64
 
[HKEY_CURRENT_USER\Software\Classes\Wow6432node\clsid\{fbeb8a05-beee-4442-804e-409d6c4515e9}\InProcServer32]
 
[HKEY_LOCAL_MACHINE\Software\Classes\clsid\{42aedc87-2188-41fd-b9a3-0c966feabec1}\InProcServer32] /64
"" = C:\Windows\SysNative\shell32.dll -- [2012.06.09 06:43:10 | 014,172,672 | ---- | M] (Microsoft Corporation)
"ThreadingModel" = Apartment
 
[HKEY_LOCAL_MACHINE\Software\Wow6432Node\Classes\clsid\{42aedc87-2188-41fd-b9a3-0c966feabec1}\InProcServer32]
"" = %SystemRoot%\system32\shell32.dll -- [2012.06.09 05:41:00 | 012,873,728 | ---- | M] (Microsoft Corporation)
"ThreadingModel" = Apartment
 
[HKEY_LOCAL_MACHINE\Software\Classes\clsid\{5839FCA9-774D-42A1-ACDA-D6A79037F57F}\InProcServer32] /64
"" = C:\Windows\SysNative\wbem\fastprox.dll -- [2009.07.14 02:40:51 | 000,909,312 | ---- | M] (Microsoft Corporation)
"ThreadingModel" = Free
 
[HKEY_LOCAL_MACHINE\Software\Wow6432Node\Classes\clsid\{5839FCA9-774D-42A1-ACDA-D6A79037F57F}\InProcServer32]
"" = %systemroot%\system32\wbem\fastprox.dll -- [2010.11.20 13:19:04 | 000,606,208 | ---- | M] (Microsoft Corporation)
"ThreadingModel" = Free
 
[HKEY_LOCAL_MACHINE\Software\Classes\clsid\{F3130CDB-AA52-4C3A-AB32-85FFC23AF9C1}\InProcServer32] /64
"" = C:\Windows\SysNative\wbem\wbemess.dll -- [2009.07.14 02:41:56 | 000,505,856 | ---- | M] (Microsoft Corporation)
"ThreadingModel" = Both
 
[HKEY_LOCAL_MACHINE\Software\Wow6432Node\Classes\clsid\{F3130CDB-AA52-4C3A-AB32-85FFC23AF9C1}\InProcServer32]
 
========== LOP Check ==========
 
[2013.01.06 01:53:49 | 000,000,000 | ---D | M] -- C:\Users\***\AppData\Roaming\.minecraft
[2012.06.21 00:45:55 | 000,000,000 | ---D | M] -- C:\Users\***\AppData\Roaming\ASUS WebStorage
[2012.12.15 09:38:35 | 000,000,000 | ---D | M] -- C:\Users\***\AppData\Roaming\AVG2013
[2013.01.15 21:33:25 | 000,000,000 | ---D | M] -- C:\Users\***\AppData\Roaming\Dropbox
[2012.12.28 17:04:58 | 000,000,000 | ---D | M] -- C:\Users\***\AppData\Roaming\Motorola
[2012.12.28 17:07:13 | 000,000,000 | ---D | M] -- C:\Users\***\AppData\Roaming\Motorola Mobility
[2012.12.28 18:08:29 | 000,000,000 | ---D | M] -- C:\Users\***\AppData\Roaming\MyPhoneExplorer
[2012.06.21 00:39:26 | 000,000,000 | ---D | M] -- C:\Users\***\AppData\Roaming\Opera
[2013.01.08 00:47:41 | 000,000,000 | ---D | M] -- C:\Users\***\AppData\Roaming\OSTC
[2012.06.21 01:01:12 | 000,000,000 | ---D | M] -- C:\Users\***\AppData\Roaming\Thunderbird
[2012.12.13 21:55:16 | 000,000,000 | ---D | M] -- C:\Users\***\AppData\Roaming\TuneUp Software
 
========== Purity Check ==========
 
 

< End of report >
         
--- --- ---

Extras.txt:
(attached for reasons of space)

When I started GMER, the attached error message appeared, but the scan could then be run. Towards the end of the scan the above error message appeared again, along with another one that I unfortunately could not write down.

Here is the result:
(attached for reasons of space)

I hope I have carried everything out more or less as required so far. I would be extremely grateful for help.
Attached image thumbnails
GVU-Trojaner 2.07 auf Windows 7 64 bit eingefangen-gmer.jpg

Edited by LTB666 (16.01.2013 at 00:23). Reason: typo

16.01.2013, 13:28   #2
markusg
/// Malware-holic



Hi,
replace *** with your user name in the script.

This script and any scripts that follow are meant only for this particular user.
If you have problems yourselves, open your own topics and wait for scripts adapted to you.


• Please start OTL.exe.
• Now copy the following into the text box.



Code:
ATTFilter
:OTL
O20 - HKCU Winlogon: Shell - (C:\Users\***\AppData\Roaming\skype.dat) - C:\Users\***\AppData\Roaming\skype.dat ()
[2013.01.15 21:00:38 | 000,000,004 | ---- | M] () -- C:\Users\***\AppData\Roaming\skype.ini
 :Files
:Commands
[EMPTYFLASH] 
[emptytemp]
         


• Now please close all programs.
• Now click the Fix button.
• OTL may ask for a restart. Please allow it.
• After the restart you will find a text document; copy its contents into your next reply here.
Boot into normal mode.

If you have no icons, right-click, View, Show desktop icons.

Note: Please also upload the file there as described in the instructions for the UpChannel. Please do NOT post the ZIP file as an attachment in this thread!

Please press the + E key.
  • Open your system drive (usually C:)
  • Now look for the following folder: _OTL and open it.
  • Right-click the Movedfiles folder --> Send to --> Compressed (zipped) folder
  • This will create a Movedfiles.zip file in _OTL
  • Please upload it to our upload channel. ( Browse --> C:\_OTL\Movedfiles.zip )
Let me know whether the upload worked without problems. Thanks in advance.
__________________

__________________
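
The fix script in the post above singles out one line of the OTL log: the HKCU Winlogon Shell value that points to skype.dat instead of explorer.exe. As an added example (not part of the original thread and not OTL's own logic), this Python script triages such O20 lines automatically; the sample log is constructed from lines in this thread, and the heuristics and the names `triage_winlogon`, `EXPECTED` and `USER_WRITABLE` are assumptions made for the example.

```python
import re
from ntpath import basename  # Windows path rules on any host OS

# Constructed sample in the line formats OTL prints, modelled on the log in
# this thread ("***" stands for the redacted user name).
SAMPLE_LOG = r"""
O20:64bit: - HKLM Winlogon: Shell - (explorer.exe) - C:\Windows\explorer.exe (Microsoft Corporation)
O20:64bit: - HKLM Winlogon: UserInit - (C:\Windows\system32\userinit.exe) - C:\Windows\SysNative\userinit.exe (Microsoft Corporation)
O20 - HKCU Winlogon: Shell - (explorer.exe) - C:\Windows\SysWow64\explorer.exe (Microsoft Corporation)
O20 - HKCU Winlogon: Shell - (C:\Users\***\AppData\Roaming\skype.dat) - C:\Users\***\AppData\Roaming\skype.dat ()
O20:64bit: - Winlogon\Notify\igfxcui: DllName - (igfxdev.dll) - C:\Windows\SysNative\igfxdev.dll (Intel Corporation)
[2013.01.15 20:51:36 | 000,000,004 | ---- | C] () -- C:\Users\***\AppData\Roaming\skype.ini
[2012.02.24 02:33:03 | 000,059,392 | ---- | C] () -- C:\Users\***\AppData\Roaming\skype.dat
"""

# "O20 - <hive> Winlogon: <name> - (<registry value>) - <resolved file> (<company>)"
O20_RE = re.compile(
    r"^O20(?::64bit:)? - (?P<hive>HKLM|HKCU) Winlogon: (?P<name>Shell|UserInit)"
    r" - \((?P<value>.*)\) - (?P<path>.*) \((?P<company>[^()]*)\)$"
)
# "[<timestamp> | <size> | <attributes> | C or M] (<company>) -- <file>"
FILE_RE = re.compile(
    r"^\[(?P<stamp>[\d./]+ [\d:]+) \| [\d,]+ \| \S+ \| (?P<kind>[CM])\] "
    r"(?:\((?P<company>[^()]*)\) )?-- (?P<path>.+)$"
)

# Triage heuristics chosen for this example (assumptions, not OTL's own rules).
EXPECTED = {"Shell": "explorer.exe", "UserInit": "userinit.exe"}
USER_WRITABLE = ("\\appdata\\", "\\temp\\", "\\programdata\\", "\\users\\public\\")


def triage_winlogon(log_text):
    """Return findings for Winlogon Shell/UserInit values that deviate from the defaults."""
    created, entries, findings = {}, [], []
    for raw in log_text.splitlines():
        line = raw.strip()
        file_match = FILE_RE.match(line)
        if file_match:
            if file_match["kind"] == "C":
                created[file_match["path"].lower()] = file_match["stamp"]
            continue
        o20_match = O20_RE.match(line)
        if o20_match:
            entries.append(o20_match.groupdict())
        elif line.startswith("O20") and re.search(r"Winlogon: (Shell|UserInit)", line):
            # Never drop a Winlogon line silently just because its layout is unexpected.
            findings.append({"line": line, "reasons": ["unrecognised layout, review manually"]})

    for entry in entries:
        reasons = []
        # UserInit is a comma-separated list; every element is launched at logon.
        programs = [p.strip() for p in entry["value"].split(",") if p.strip()]
        if [basename(p).lower() for p in programs] != [EXPECTED[entry["name"]]]:
            reasons.append("value is not the default " + EXPECTED[entry["name"]])
        target = entry["path"].lower()
        if any(part in target for part in USER_WRITABLE):
            reasons.append("target lies in a user-writable directory")
        if not target.endswith(".exe"):
            reasons.append("target does not have an .exe extension")
        if not entry["company"].strip():
            reasons.append("OTL shows no company name for the target")
        if reasons:
            findings.append({
                "hive": entry["hive"],
                "name": entry["name"],
                "path": entry["path"],
                "created": created.get(target),  # None if the file is not listed
                "reasons": reasons,
            })
    return findings


if __name__ == "__main__":
    for finding in triage_winlogon(SAMPLE_LOG):
        print(finding)
```

On the sample, only the HKCU Shell entry for skype.dat is reported; the stock explorer.exe and userinit.exe entries and the Winlogon\Notify line pass without a finding.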

16.01.2013, 18:51   #3
LTB666



Hello Markus,

first of all, many thanks for taking on my problem.
During the OTL run a dialog appeared asking whether I wanted to allow changes by 'ASUS instant on'. I allowed it and hope that was the right thing to do. OTL did indeed ask for a restart; all the icons were there right away.

Here is the result:

Code:
ATTFilter
All processes killed
========== OTL ==========
Registry value HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Winlogon\\Shell:C:\Users\***\AppData\Roaming\skype.dat deleted successfully.
C:\Users\***\AppData\Roaming\skype.dat moved successfully.
C:\Users\***\AppData\Roaming\skype.ini moved successfully.
========== COMMANDS ==========
 
[EMPTYFLASH]
 
User: All Users
 
User: Default
 
User: Default User
 
User: ***
->Flash cache emptied: 725 bytes
 
User: Public
 
Total Flash Files Cleaned = 0,00 mb
 
 
[EMPTYTEMP]
 
User: All Users
 
User: Default
->Temp folder emptied: 0 bytes
->Temporary Internet Files folder emptied: 0 bytes
 
User: Default User
->Temp folder emptied: 0 bytes
->Temporary Internet Files folder emptied: 0 bytes
 
User: ***
->Temp folder emptied: 644172042 bytes
->Temporary Internet Files folder emptied: 132314718 bytes
->Java cache emptied: 45270 bytes
->FireFox cache emptied: 187150057 bytes
->Opera cache emptied: 31683744 bytes
->Flash cache emptied: 0 bytes
 
User: Public
 
%systemdrive% .tmp files removed: 0 bytes
%systemroot% .tmp files removed: 0 bytes
%systemroot%\System32 .tmp files removed: 0 bytes
%systemroot%\System32 (64bit) .tmp files removed: 0 bytes
%systemroot%\System32\drivers .tmp files removed: 0 bytes
Windows Temp folder emptied: 226538321 bytes
%systemroot%\sysnative\config\systemprofile\AppData\Local\Microsoft\Windows\Temporary Internet Files folder emptied: 50434 bytes
RecycleBin emptied: 0 bytes
 
Total Files Cleaned = 1.165,00 mb
 
 
OTL by OldTimer - Version 3.2.69.0 log created on 01162013_193507

Files\Folders moved on Reboot...
C:\Users\***\AppData\Local\Temp\FXSAPIDebugLogFile.txt moved successfully.

PendingFileRenameOperations files...

Registry entries deleted on Reboot...
         
I uploaded MovedFiles.zip without any problems.

Best regards.
__________________

Edited by LTB666 (16.01.2013 at 19:45). Reason: code tags

16.01.2013, 19:23   #4
markusg
/// Malware-holic



Hi,
very nice!
Download TDSS killer:
http://www.trojaner-board.de/82358-t...entfernen.html
Click Change parameters
• Tick Verify driver digital signatures and Detect TDLFS file system
• Click OK and then Start scan
- If anything is found, always choose Skip for now and post the log
Open C:, open tdsskiller-date-version.txt, post the contents
__________________
- Please forward suspicious mails to us for analysis:
markusg.trojaner-board@web.de
Forward
Instructions:
http://markusg.trojaner-board.de
For now, please forward mails as described in the instructions above to
markusg.trojaner-board@web.de
If you would like to support us

16.01.2013, 19:32   #5
markusg
/// Malware-holic



Hi,
on your second PC go to Start, Programs, Accessories, Notepad and copy the following into it:
Code:
ATTFilter
:OTL
[2013/01/14 07:30:27 | 000,003,174 | ---- | C] () -- D:\ProgramData\RWvESYd.js
[2013/01/14 07:30:27 | 000,001,080 | ---- | C] () -- D:\Users\Step\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Startup\runctf.lnk
[2013/01/14 07:30:25 | 095,023,320 | ---- | C] () -- D:\ProgramData\RWvESYd.pad
:Files
:Commands
[EMPTYFLASH] 
[emptytemp]
         


Save this to a USB stick as fix.txt.
Now use OTLPENet.exe again (that is, boot from the CD you created) and tick everything as already described in the post about OTLPENet.exe.
• Now click the Fix button.
A message similar to this one should now appear: "load fix from file"; so load fix.txt from your stick.
If that does not work, please enter the fix manually.
Then click the Fix button again. The PC may restart. If it does, take the CD out of the drive; Windows should now start normally and open otl.txt.
Please post the log.


16.01.2013, 20:06   #6
LTB666



TDSS-Killer-Report:
Code:
ATTFilter
20:51:58.0167 7444  TDSS rootkit removing tool 2.8.15.0 Oct 31 2012 21:47:35
20:51:58.0167 7444  UEFI system
20:51:58.0420 7444  ============================================================
20:51:58.0420 7444  Current date / time: 2013/01/16 20:51:58.0420
20:51:58.0420 7444  SystemInfo:
20:51:58.0420 7444  
20:51:58.0420 7444  OS Version: 6.1.7601 ServicePack: 1.0
20:51:58.0420 7444  Product type: Workstation
20:51:58.0420 7444  ComputerName: ZENBOOK
20:51:58.0421 7444  UserName: ***
20:51:58.0421 7444  Windows directory: C:\Windows
20:51:58.0421 7444  System windows directory: C:\Windows
20:51:58.0421 7444  Running under WOW64
20:51:58.0421 7444  Processor architecture: Intel x64
20:51:58.0421 7444  Number of processors: 4
20:51:58.0421 7444  Page size: 0x1000
20:51:58.0421 7444  Boot type: Normal boot
20:51:58.0421 7444  ============================================================
20:51:59.0049 7444  Drive \Device\Harddisk0\DR0 - Size: 0x3AAC5ED800 (234.69 Gb), SectorSize: 0x200, Cylinders: 0x77AD, SectorsPerTrack: 0x3F, TracksPerCylinder: 0xFF, Type 'K0', Flags 0x00000040
20:51:59.0061 7444  ============================================================
20:51:59.0061 7444  \Device\Harddisk0\DR0:
20:51:59.0062 7444  GPT partitions:
20:51:59.0063 7444  \Device\Harddisk0\DR0\Partition1: GPT, TypeGUID: {C12A7328-F81F-11D2-BA4B-00A0C93EC93B}, UniqueGUID: {B6F4A044-715D-4930-A889-3ECB279E6335}, Name: EFI system partition, StartLBA 0x800, BlocksNum 0x64000
20:51:59.0063 7444  \Device\Harddisk0\DR0\Partition2: GPT, TypeGUID: {E3C9E316-0B5C-4DB8-817D-F92DF00215AE}, UniqueGUID: {5CF18A03-8204-41C2-89BE-DBA0DDE278C9}, Name: Microsoft reserved partition, StartLBA 0x64800, BlocksNum 0x40000
20:51:59.0064 7444  \Device\Harddisk0\DR0\Partition3: GPT, TypeGUID: {EBD0A0A2-B9E5-4433-87C0-68B6B72699C7}, UniqueGUID: {32683BCE-7127-4747-9CC5-AB0ED7C0DB93}, Name: Basic data partition, StartLBA 0xA4800, BlocksNum 0xC1D5800
20:51:59.0064 7444  \Device\Harddisk0\DR0\Partition4: GPT, TypeGUID: {D3BFE2DE-3DAF-11DF-BA40-E3A556D89593}, UniqueGUID: {C27B8ED9-317A-4DB8-884A-B2217FA33C4A}, Name: Basic data partition, StartLBA 0xC27A000, BlocksNum 0x800000
20:51:59.0064 7444  \Device\Harddisk0\DR0\Partition5: GPT, TypeGUID: {EBD0A0A2-B9E5-4433-87C0-68B6B72699C7}, UniqueGUID: {60CBF359-CBA3-4C1B-92A2-FB275FC8D1B0}, Name: Basic data partition, StartLBA 0xCA7A000, BlocksNum 0xF6E8800
20:51:59.0064 7444  \Device\Harddisk0\DR0\Partition6: GPT, TypeGUID: {DE94BBA4-06D1-4D40-A16A-BFD50179D6AC}, UniqueGUID: {992C9F4C-E6DB-4A9A-BDC5-5C5CA882E2F3}, Name: Basic data partition, StartLBA 0x1C162800, BlocksNum 0x1400000
20:51:59.0064 7444  MBR partitions:
20:51:59.0064 7444  ============================================================
20:51:59.0066 7444  C: <-> \Device\Harddisk0\DR0\Partition3
20:51:59.0068 7444  D: <-> \Device\Harddisk0\DR0\Partition5
20:51:59.0068 7444  ============================================================
20:51:59.0068 7444  Initialize success
20:51:59.0068 7444  ============================================================
20:52:24.0468 7484  ============================================================
20:52:24.0468 7484  Scan started
20:52:24.0468 7484  Mode: Manual; SigCheck; TDLFS; 
20:52:24.0468 7484  ============================================================
20:52:24.0565 7484  ================ Scan system memory ========================
20:52:24.0565 7484  System memory - ok
20:52:24.0566 7484  ================ Scan services =============================
20:52:24.0680 7484  [ A87D604AEA360176311474C87A63BB88 ] 1394ohci        C:\Windows\system32\drivers\1394ohci.sys
20:52:24.0797 7484  1394ohci - ok
20:52:24.0812 7484  [ D81D9E70B8A6DD14D42D7B4EFA65D5F2 ] ACPI            C:\Windows\system32\drivers\ACPI.sys
20:52:24.0848 7484  ACPI - ok
20:52:24.0857 7484  [ 99F8E788246D495CE3794D7E7821D2CA ] AcpiPmi         C:\Windows\system32\drivers\acpipmi.sys
20:52:24.0908 7484  AcpiPmi - ok
20:52:24.0920 7484  [ 3927397AC60D943DAF8808AFFED582B7 ] AdobeARMservice C:\Program Files (x86)\Common Files\Adobe\ARM\1.0\armsvc.exe
20:52:24.0944 7484  AdobeARMservice - ok
20:52:25.0010 7484  [ 424877CB9D5517F980FF7BACA2EB379D ] AdobeFlashPlayerUpdateSvc C:\Windows\SysWOW64\Macromed\Flash\FlashPlayerUpdateService.exe
20:52:25.0042 7484  AdobeFlashPlayerUpdateSvc - ok
20:52:25.0066 7484  [ 2F6B34B83843F0C5118B63AC634F5BF4 ] adp94xx         C:\Windows\system32\drivers\adp94xx.sys
20:52:25.0109 7484  adp94xx - ok
20:52:25.0123 7484  [ 597F78224EE9224EA1A13D6350CED962 ] adpahci         C:\Windows\system32\drivers\adpahci.sys
20:52:25.0159 7484  adpahci - ok
20:52:25.0170 7484  [ E109549C90F62FB570B9540C4B148E54 ] adpu320         C:\Windows\system32\drivers\adpu320.sys
20:52:25.0200 7484  adpu320 - ok
20:52:25.0220 7484  [ 4B78B431F225FD8624C5655CB1DE7B61 ] AeLookupSvc     C:\Windows\System32\aelupsvc.dll
20:52:25.0344 7484  AeLookupSvc - ok
20:52:25.0364 7484  [ 1C7857B62DE5994A75B054A9FD4C3825 ] AFD             C:\Windows\system32\drivers\afd.sys
20:52:25.0406 7484  AFD - ok
20:52:25.0435 7484  [ 98022774D9930ECBB292E70DB7601DF6 ] AgereSoftModem  C:\Windows\system32\DRIVERS\agrsm64.sys
20:52:25.0499 7484  AgereSoftModem - ok
20:52:25.0508 7484  [ 608C14DBA7299D8CB6ED035A68A15799 ] agp440          C:\Windows\system32\drivers\agp440.sys
20:52:25.0533 7484  agp440 - ok
20:52:25.0541 7484  [ 16F6F6B7903B913AB41AB848C8BB5658 ] AiCharger       C:\Windows\system32\DRIVERS\AiCharger.sys
20:52:25.0574 7484  AiCharger - ok
20:52:25.0583 7484  [ 3290D6946B5E30E70414990574883DDB ] ALG             C:\Windows\System32\alg.exe
20:52:25.0616 7484  ALG - ok
20:52:25.0624 7484  [ 5812713A477A3AD7363C7438CA2EE038 ] aliide          C:\Windows\system32\drivers\aliide.sys
20:52:25.0648 7484  aliide - ok
20:52:25.0656 7484  [ 1FF8B4431C353CE385C875F194924C0C ] amdide          C:\Windows\system32\drivers\amdide.sys
20:52:25.0678 7484  amdide - ok
20:52:25.0688 7484  [ 7024F087CFF1833A806193EF9D22CDA9 ] AmdK8           C:\Windows\system32\drivers\amdk8.sys
20:52:25.0720 7484  AmdK8 - ok
20:52:25.0734 7484  [ 1E56388B3FE0D031C44144EB8C4D6217 ] AmdPPM          C:\Windows\system32\drivers\amdppm.sys
20:52:25.0764 7484  AmdPPM - ok
20:52:25.0775 7484  [ D4121AE6D0C0E7E13AA221AA57EF2D49 ] amdsata         C:\Windows\system32\drivers\amdsata.sys
20:52:25.0801 7484  amdsata - ok
20:52:25.0813 7484  [ F67F933E79241ED32FF46A4F29B5120B ] amdsbs          C:\Windows\system32\drivers\amdsbs.sys
20:52:25.0843 7484  amdsbs - ok
20:52:25.0851 7484  [ 540DAF1CEA6094886D72126FD7C33048 ] amdxata         C:\Windows\system32\drivers\amdxata.sys
20:52:25.0873 7484  amdxata - ok
20:52:25.0886 7484  [ 157B1C973637919DCD0D0464167C86BA ] AMPPAL          C:\Windows\system32\DRIVERS\AMPPAL.sys
20:52:25.0921 7484  AMPPAL - ok
20:52:25.0932 7484  [ 157B1C973637919DCD0D0464167C86BA ] AMPPALP         C:\Windows\system32\DRIVERS\amppal.sys
20:52:25.0958 7484  AMPPALP - ok
20:52:25.0981 7484  [ FB70F8C1283C8CC6BFAA6F9971107E68 ] AMPPALR3        C:\Program Files\Intel\BluetoothHS\BTHSAmpPalService.exe
20:52:26.0025 7484  AMPPALR3 - ok
20:52:26.0035 7484  [ 89A69C3F2F319B43379399547526D952 ] AppID           C:\Windows\system32\drivers\appid.sys
20:52:26.0117 7484  AppID - ok
20:52:26.0127 7484  [ 0BC381A15355A3982216F7172F545DE1 ] AppIDSvc        C:\Windows\System32\appidsvc.dll
20:52:26.0212 7484  AppIDSvc - ok
20:52:26.0263 7484  [ 3977D4A871CA0D4F2ED1E7DB46829731 ] Appinfo         C:\Windows\System32\appinfo.dll
20:52:26.0345 7484  Appinfo - ok
20:52:26.0355 7484  [ C484F8CEB1717C540242531DB7845C4E ] arc             C:\Windows\system32\drivers\arc.sys
20:52:26.0381 7484  arc - ok
20:52:26.0390 7484  [ 019AF6924AEFE7839F61C830227FE79C ] arcsas          C:\Windows\system32\drivers\arcsas.sys
20:52:26.0417 7484  arcsas - ok
20:52:26.0428 7484  [ 18E5C2F937F9DEB8C282DF66A3761925 ] ASLDRService    C:\Program Files (x86)\ASUS\ATK Package\ATK Hotkey\ASLDRSrv.exe
20:52:26.0448 7484  ASLDRService - ok
20:52:26.0452 7484  [ 4C016FD76ED5C05E84CA8CAB77993961 ] ASMMAP64        C:\Program Files (x86)\ASUS\ATK Package\ATKGFNEX\ASMMAP64.sys
20:52:26.0457 7484  ASMMAP64 - ok
20:52:26.0478 7484  [ 9217D874131AE6FF8F642F124F00A555 ] aspnet_state    C:\Windows\Microsoft.NET\Framework64\v4.0.30319\aspnet_state.exe
20:52:26.0488 7484  aspnet_state - ok
20:52:26.0495 7484  [ 6A122B4F0E5293CACFA8A5F2CBA9B356 ] ASUS InstantOn  C:\Program Files (x86)\ASUS\InstantOn for NB\InsOnSrv.exe
20:52:26.0505 7484  ASUS InstantOn - ok
20:52:26.0509 7484  [ CBF4C9263F35A9E80E4AD5CBBAE6049C ] AsusVBus        C:\Windows\system32\DRIVERS\AsusVBus.sys
20:52:26.0515 7484  AsusVBus - ok
20:52:26.0518 7484  [ C951F6F1D909E1AAD7160D9EE860A3F1 ] AsusVTouch      C:\Windows\system32\DRIVERS\AsusVTouch.sys
20:52:26.0524 7484  AsusVTouch - ok
20:52:26.0528 7484  [ 769765CE2CC62867468CEA93969B2242 ] AsyncMac        C:\Windows\system32\DRIVERS\asyncmac.sys
20:52:26.0555 7484  AsyncMac - ok
20:52:26.0558 7484  [ 02062C0B390B7729EDC9E69C680A6F3C ] atapi           C:\Windows\system32\drivers\atapi.sys
20:52:26.0565 7484  atapi - ok
20:52:26.0579 7484  [ E857EEE6B92AAA473EBB3465ADD8F7E7 ] athr            C:\Windows\system32\DRIVERS\athrx.sys
20:52:26.0619 7484  athr - ok
20:52:26.0623 7484  [ 7910158929571214A959D5A6D16DD9C0 ] ATKGFNEXSrv     C:\Program Files (x86)\ASUS\ATK Package\ATKGFNEX\GFNEXSrv.exe
20:52:26.0630 7484  ATKGFNEXSrv - ok
20:52:26.0633 7484  [ AC31727F9946E9009480708E4D1B9986 ] ATKWMIACPIIO    C:\Program Files (x86)\ASUS\ATK Package\ATK WMIACPI\atkwmiacpi64.sys
20:52:26.0639 7484  ATKWMIACPIIO - ok
20:52:26.0649 7484  [ F23FEF6D569FCE88671949894A8BECF1 ] AudioEndpointBuilder C:\Windows\System32\Audiosrv.dll
20:52:26.0680 7484  AudioEndpointBuilder - ok
20:52:26.0688 7484  [ F23FEF6D569FCE88671949894A8BECF1 ] AudioSrv        C:\Windows\System32\Audiosrv.dll
20:52:26.0717 7484  AudioSrv - ok
20:52:26.0774 7484  [ 4AFC14AFA58878FAA1D249E7E90EA54B ] AVGIDSAgent     C:\Program Files (x86)\AVG\AVG2013\avgidsagent.exe
20:52:26.0855 7484  AVGIDSAgent - ok
20:52:26.0861 7484  [ 388056EBD5FE6718FE669078DBE37897 ] AVGIDSDriver    C:\Windows\system32\DRIVERS\avgidsdrivera.sys
20:52:26.0869 7484  AVGIDSDriver - ok
20:52:26.0872 7484  [ 550E981747D6A6C55078C77346FFC2C6 ] AVGIDSHA        C:\Windows\system32\DRIVERS\avgidsha.sys
20:52:26.0879 7484  AVGIDSHA - ok
20:52:26.0886 7484  [ 5989592A91A17587799792A81E1541D4 ] Avgldx64        C:\Windows\system32\DRIVERS\avgldx64.sys
20:52:26.0894 7484  Avgldx64 - ok
20:52:26.0900 7484  [ 3FC43AA02545FCDDC22817829114DEC8 ] Avgloga         C:\Windows\system32\DRIVERS\avgloga.sys
20:52:26.0910 7484  Avgloga - ok
20:52:26.0915 7484  [ 841C40C193889730848849AC220D9242 ] Avgmfx64        C:\Windows\system32\DRIVERS\avgmfx64.sys
20:52:26.0923 7484  Avgmfx64 - ok
20:52:26.0927 7484  [ FE4F444DBE4BBBDFD8FECF49398DEFC7 ] Avgrkx64        C:\Windows\system32\DRIVERS\avgrkx64.sys
20:52:26.0934 7484  Avgrkx64 - ok
20:52:26.0939 7484  [ 6E634525613D48A1D1657FB21F21F3B2 ] Avgtdia         C:\Windows\system32\DRIVERS\avgtdia.sys
20:52:26.0947 7484  Avgtdia - ok
20:52:26.0952 7484  [ 6B72E1E329C4E98C6B6FDD2D265E3BA3 ] avgwd           C:\Program Files (x86)\AVG\AVG2013\avgwdsvc.exe
20:52:26.0962 7484  avgwd - ok
20:52:26.0966 7484  [ 95920D4BE86DD1F60A2D4D23A869A043 ] AX88772B        C:\Windows\system32\DRIVERS\ax88772b.sys
20:52:26.0978 7484  AX88772B - ok
20:52:26.0985 7484  [ A6BF31A71B409DFA8CAC83159E1E2AFF ] AxInstSV        C:\Windows\System32\AxInstSV.dll
20:52:27.0009 7484  AxInstSV - ok
20:52:27.0018 7484  [ 3E5B191307609F7514148C6832BB0842 ] b06bdrv         C:\Windows\system32\drivers\bxvbda.sys
20:52:27.0034 7484  b06bdrv - ok
20:52:27.0040 7484  [ B5ACE6968304A3900EEB1EBFD9622DF2 ] b57nd60a        C:\Windows\system32\DRIVERS\b57nd60a.sys
20:52:27.0068 7484  b57nd60a - ok
20:52:27.0083 7484  [ FDE360167101B4E45A96F939F388AEB0 ] BDESVC          C:\Windows\System32\bdesvc.dll
20:52:27.0114 7484  BDESVC - ok
20:52:27.0122 7484  [ 16A47CE2DECC9B099349A5F840654746 ] Beep            C:\Windows\system32\drivers\Beep.sys
20:52:27.0204 7484  Beep - ok
20:52:27.0231 7484  [ 82974D6A2FD19445CC5171FC378668A4 ] BFE             C:\Windows\System32\bfe.dll
20:52:27.0332 7484  BFE - ok
20:52:27.0357 7484  [ 1EA7969E3271CBC59E1730697DC74682 ] BITS            C:\Windows\System32\qmgr.dll
20:52:27.0463 7484  BITS - ok
20:52:27.0472 7484  [ 61583EE3C3A17003C4ACD0475646B4D3 ] blbdrive        C:\Windows\system32\DRIVERS\blbdrive.sys
20:52:27.0502 7484  blbdrive - ok
20:52:27.0530 7484  [ 6D625A18DDFCD0464B914B71293AD837 ] Bluetooth Device Monitor C:\Program Files (x86)\Intel\Bluetooth\devmonsrv.exe
20:52:27.0582 7484  Bluetooth Device Monitor - ok
20:52:27.0613 7484  [ 74B2BF80D966CFE8BC8005D19E40608D ] Bluetooth Media Service C:\Program Files (x86)\Intel\Bluetooth\mediasrv.exe
20:52:27.0674 7484  Bluetooth Media Service - ok
20:52:27.0701 7484  [ 707BF27D30ADAB7798C69D5BF41C7131 ] Bluetooth OBEX Service C:\Program Files (x86)\Intel\Bluetooth\obexsrv.exe
20:52:27.0755 7484  Bluetooth OBEX Service - ok
20:52:27.0766 7484  [ 6C02A83164F5CC0A262F4199F0871CF5 ] bowser          C:\Windows\system32\DRIVERS\bowser.sys
20:52:27.0797 7484  bowser - ok
20:52:27.0805 7484  [ F09EEE9EDC320B5E1501F749FDE686C8 ] BrFiltLo        C:\Windows\system32\drivers\BrFiltLo.sys
20:52:27.0838 7484  BrFiltLo - ok
20:52:27.0847 7484  [ B114D3098E9BDB8BEA8B053685831BE6 ] BrFiltUp        C:\Windows\system32\drivers\BrFiltUp.sys
20:52:27.0879 7484  BrFiltUp - ok
20:52:27.0891 7484  [ 05F5A0D14A2EE1D8255C2AA0E9E8E694 ] Browser         C:\Windows\System32\browser.dll
20:52:27.0923 7484  Browser - ok
20:52:27.0937 7484  [ 43BEA8D483BF1870F018E2D02E06A5BD ] Brserid         C:\Windows\System32\Drivers\Brserid.sys
20:52:27.0975 7484  Brserid - ok
20:52:27.0985 7484  [ A6ECA2151B08A09CACECA35C07F05B42 ] BrSerWdm        C:\Windows\System32\Drivers\BrSerWdm.sys
20:52:28.0020 7484  BrSerWdm - ok
20:52:28.0029 7484  [ B79968002C277E869CF38BD22CD61524 ] BrUsbMdm        C:\Windows\System32\Drivers\BrUsbMdm.sys
20:52:28.0065 7484  BrUsbMdm - ok
20:52:28.0076 7484  [ A87528880231C54E75EA7A44943B38BF ] BrUsbSer        C:\Windows\System32\Drivers\BrUsbSer.sys
20:52:28.0106 7484  BrUsbSer - ok
20:52:28.0116 7484  [ FF7C57973EEAD140062238C5A0B7D455 ] BTCFilterService C:\Windows\system32\DRIVERS\motfilt.sys
20:52:28.0152 7484  BTCFilterService - ok
20:52:28.0160 7484  [ CF98190A94F62E405C8CB255018B2315 ] BthEnum         C:\Windows\system32\DRIVERS\BthEnum.sys
20:52:28.0207 7484  BthEnum - ok
20:52:28.0219 7484  [ 9DA669F11D1F894AB4EB69BF546A42E8 ] BTHMODEM        C:\Windows\system32\DRIVERS\bthmodem.sys
20:52:28.0254 7484  BTHMODEM - ok
20:52:28.0263 7484  [ 02DD601B708DD0667E1331FA8518E9FF ] BthPan          C:\Windows\system32\DRIVERS\bthpan.sys
20:52:28.0301 7484  BthPan - ok
20:52:28.0319 7484  [ 738D0E9272F59EB7A1449C3EC118E6C4 ] BTHPORT         C:\Windows\system32\Drivers\BTHport.sys
20:52:28.0360 7484  BTHPORT - ok
20:52:28.0371 7484  [ 95F9C2976059462CBBF227F7AAB10DE9 ] bthserv         C:\Windows\system32\bthserv.dll
20:52:28.0458 7484  bthserv - ok
20:52:28.0469 7484  [ FA2D081709A764F6BEE16B7FFE03E36C ] BTHSSecurityMgr C:\Program Files\Intel\BluetoothHS\BTHSSecurityMgr.exe
20:52:28.0492 7484  BTHSSecurityMgr - ok
20:52:28.0503 7484  [ F188B7394D81010767B6DF3178519A37 ] BTHUSB          C:\Windows\system32\Drivers\BTHUSB.sys
20:52:28.0532 7484  BTHUSB - ok
20:52:28.0542 7484  [ 3676BEAA7D842047D30E95D59B241F22 ] btmaux          C:\Windows\system32\DRIVERS\btmaux.sys
20:52:28.0570 7484  btmaux - ok
20:52:28.0594 7484  [ FA0E7B5AFB8FD335234916764A2D6CF9 ] btmhsf          C:\Windows\system32\DRIVERS\btmhsf.sys
20:52:28.0629 7484  btmhsf ( UnsignedFile.Multi.Generic ) - warning
20:52:28.0630 7484  btmhsf - detected UnsignedFile.Multi.Generic (1)
20:52:28.0640 7484  [ B8BD2BB284668C84865658C77574381A ] cdfs            C:\Windows\system32\DRIVERS\cdfs.sys
20:52:28.0727 7484  cdfs - ok
20:52:28.0739 7484  [ F036CE71586E93D94DAB220D7BDF4416 ] cdrom           C:\Windows\system32\DRIVERS\cdrom.sys
20:52:28.0771 7484  cdrom - ok
20:52:28.0781 7484  [ F17D1D393BBC69C5322FBFAFACA28C7F ] CertPropSvc     C:\Windows\System32\certprop.dll
20:52:28.0877 7484  CertPropSvc - ok
20:52:28.0885 7484  [ D7CD5C4E1B71FA62050515314CFB52CF ] circlass        C:\Windows\system32\drivers\circlass.sys
20:52:28.0919 7484  circlass - ok
20:52:28.0935 7484  [ FE1EC06F2253F691FE36217C592A0206 ] CLFS            C:\Windows\system32\CLFS.sys
20:52:28.0971 7484  CLFS - ok
20:52:28.0989 7484  [ D88040F816FDA31C3B466F0FA0918F29 ] clr_optimization_v2.0.50727_32 C:\Windows\Microsoft.NET\Framework\v2.0.50727\mscorsvw.exe
20:52:29.0012 7484  clr_optimization_v2.0.50727_32 - ok
20:52:29.0029 7484  [ D1CEEA2B47CB998321C579651CE3E4F8 ] clr_optimization_v2.0.50727_64 C:\Windows\Microsoft.NET\Framework64\v2.0.50727\mscorsvw.exe
20:52:29.0054 7484  clr_optimization_v2.0.50727_64 - ok
20:52:29.0079 7484  [ C5A75EB48E2344ABDC162BDA79E16841 ] clr_optimization_v4.0.30319_32 C:\Windows\Microsoft.NET\Framework\v4.0.30319\mscorsvw.exe
20:52:29.0119 7484  clr_optimization_v4.0.30319_32 - ok
20:52:29.0131 7484  [ C6F9AF94DCD58122A4D7E89DB6BED29D ] clr_optimization_v4.0.30319_64 C:\Windows\Microsoft.NET\Framework64\v4.0.30319\mscorsvw.exe
20:52:29.0159 7484  clr_optimization_v4.0.30319_64 - ok
20:52:29.0169 7484  [ 0840155D0BDDF1190F84A663C284BD33 ] CmBatt          C:\Windows\system32\DRIVERS\CmBatt.sys
20:52:29.0198 7484  CmBatt - ok
20:52:29.0207 7484  [ E19D3F095812725D88F9001985B94EDD ] cmdide          C:\Windows\system32\drivers\cmdide.sys
20:52:29.0230 7484  cmdide - ok
20:52:29.0249 7484  [ 9AC4F97C2D3E93367E2148EA940CD2CD ] CNG             C:\Windows\system32\Drivers\cng.sys
20:52:29.0305 7484  CNG - ok
20:52:29.0316 7484  [ 102DE219C3F61415F964C88E9085AD14 ] Compbatt        C:\Windows\system32\drivers\compbatt.sys
20:52:29.0338 7484  Compbatt - ok
20:52:29.0352 7484  [ 03EDB043586CCEBA243D689BDDA370A8 ] CompositeBus    C:\Windows\system32\DRIVERS\CompositeBus.sys
20:52:29.0388 7484  CompositeBus - ok
20:52:29.0396 7484  COMSysApp - ok
20:52:29.0461 7484  [ F08C6020E57F5E5BF2FD034DB10BEDFB ] cphs            C:\Windows\SysWow64\IntelCpHeciSvc.exe
20:52:29.0491 7484  cphs - ok
20:52:29.0501 7484  [ 1C827878A998C18847245FE1F34EE597 ] crcdisk         C:\Windows\system32\drivers\crcdisk.sys
20:52:29.0524 7484  crcdisk - ok
20:52:29.0541 7484  [ 9C01375BE382E834CC26D1B7EAF2C4FE ] CryptSvc        C:\Windows\system32\cryptsvc.dll
20:52:29.0575 7484  CryptSvc - ok
20:52:29.0597 7484  [ 5C627D1B1138676C0A7AB2C2C190D123 ] DcomLaunch      C:\Windows\system32\rpcss.dll
20:52:29.0696 7484  DcomLaunch - ok
20:52:29.0712 7484  [ 3CEC7631A84943677AA8FA8EE5B6B43D ] defragsvc       C:\Windows\System32\defragsvc.dll
20:52:29.0806 7484  defragsvc - ok
20:52:29.0818 7484  [ 9BB2EF44EAA163B29C4A4587887A0FE4 ] DfsC            C:\Windows\system32\Drivers\dfsc.sys
20:52:29.0900 7484  DfsC - ok
20:52:29.0914 7484  [ 43D808F5D9E1A18E5EEB5EBC83969E4E ] Dhcp            C:\Windows\system32\dhcpcore.dll
20:52:29.0952 7484  Dhcp - ok
20:52:29.0962 7484  [ 13096B05847EC78F0977F2C0F79E9AB3 ] discache        C:\Windows\system32\drivers\discache.sys
20:52:30.0046 7484  discache - ok
20:52:30.0056 7484  [ 9819EEE8B5EA3784EC4AF3B137A5244C ] Disk            C:\Windows\system32\drivers\disk.sys
20:52:30.0081 7484  Disk - ok
20:52:30.0093 7484  [ 16835866AAA693C7D7FCEBA8FFF706E4 ] Dnscache        C:\Windows\System32\dnsrslvr.dll
20:52:30.0127 7484  Dnscache - ok
20:52:30.0140 7484  [ B1FB3DDCA0FDF408750D5843591AFBC6 ] dot3svc         C:\Windows\System32\dot3svc.dll
20:52:30.0229 7484  dot3svc - ok
20:52:30.0241 7484  [ B26F4F737E8F9DF4F31AF6CF31D05820 ] DPS             C:\Windows\system32\dps.dll
20:52:30.0325 7484  DPS - ok
20:52:30.0335 7484  [ B57B6CAFABC6E4F9CD0E4178585E793A ] DptfDevDram     C:\Windows\system32\DRIVERS\DptfDevDram.sys
20:52:30.0357 7484  DptfDevDram - ok
20:52:30.0368 7484  [ 3D4E77C43E9320845D37D6174E61D1C4 ] DptfDevFan      C:\Windows\system32\DRIVERS\DptfDevFan.sys
20:52:30.0387 7484  DptfDevFan - ok
20:52:30.0399 7484  [ 503BB50D87387C11EEA9315D81F66E75 ] DptfDevGen      C:\Windows\system32\DRIVERS\DptfDevGen.sys
20:52:30.0418 7484  DptfDevGen - ok
20:52:30.0430 7484  [ C924AF49E62D8255DF89BAA91770344E ] DptfDevPch      C:\Windows\system32\DRIVERS\DptfDevPch.sys
20:52:30.0451 7484  DptfDevPch - ok
20:52:30.0463 7484  [ C89D695BEDD341AD56A4D5D57D6DFF5C ] DptfDevProc     C:\Windows\system32\DRIVERS\DptfDevProc.sys
20:52:30.0487 7484  DptfDevProc - ok
20:52:30.0505 7484  [ 80198E50E63EA9F9B472B1FEC7E8BEB4 ] DptfManager     C:\Windows\system32\DRIVERS\DptfManager.sys
20:52:30.0541 7484  DptfManager - ok
20:52:30.0550 7484  [ E5EBBE07DCE63C2F2DB3F52FECA1DCE2 ] DptfParticipantProcessorService C:\Windows\SysWOW64\DptfParticipantProcessorService.exe
20:52:30.0575 7484  DptfParticipantProcessorService - ok
20:52:30.0583 7484  [ A9B530EC5F3D11B0B0DBC2947B10F700 ] DptfPolicyConfigTDPService C:\Windows\SysWOW64\DptfPolicyConfigTDPService.exe
20:52:30.0607 7484  DptfPolicyConfigTDPService - ok
20:52:30.0617 7484  [ 9B19F34400D24DF84C858A421C205754 ] drmkaud         C:\Windows\system32\drivers\drmkaud.sys
20:52:30.0651 7484  drmkaud - ok
20:52:30.0679 7484  [ F5BEE30450E18E6B83A5012C100616FD ] DXGKrnl         C:\Windows\System32\drivers\dxgkrnl.sys
20:52:30.0736 7484  DXGKrnl - ok
20:52:30.0749 7484  [ E2DDA8726DA9CB5B2C4000C9018A9633 ] EapHost         C:\Windows\System32\eapsvc.dll
20:52:30.0834 7484  EapHost - ok
20:52:30.0902 7484  [ DC5D737F51BE844D8C82C695EB17372F ] ebdrv           C:\Windows\system32\drivers\evbda.sys
20:52:31.0021 7484  ebdrv - ok
20:52:31.0032 7484  [ C118A82CD78818C29AB228366EBF81C3 ] EFS             C:\Windows\System32\lsass.exe
20:52:31.0064 7484  EFS - ok
20:52:31.0088 7484  [ C4002B6B41975F057D98C439030CEA07 ] ehRecvr         C:\Windows\ehome\ehRecvr.exe
20:52:31.0141 7484  ehRecvr - ok
20:52:31.0151 7484  [ 4705E8EF9934482C5BB488CE28AFC681 ] ehSched         C:\Windows\ehome\ehsched.exe
20:52:31.0187 7484  ehSched - ok
20:52:31.0217 7484  [ 0E5DA5369A0FCAEA12456DD852545184 ] elxstor         C:\Windows\system32\drivers\elxstor.sys
20:52:31.0259 7484  elxstor - ok
20:52:31.0267 7484  [ 34A3C54752046E79A126E15C51DB409B ] ErrDev          C:\Windows\system32\drivers\errdev.sys
20:52:31.0296 7484  ErrDev - ok
20:52:31.0314 7484  [ 42B4D3D746B3625EF42233C3897E1F68 ] ETD             C:\Windows\system32\DRIVERS\ETD.sys
20:52:31.0341 7484  ETD - ok
20:52:31.0362 7484  [ 4166F82BE4D24938977DD1746BE9B8A0 ] EventSystem     C:\Windows\system32\es.dll
20:52:31.0456 7484  EventSystem - ok
20:52:31.0477 7484  [ 52AE29A233832E0C704FD7FC534AF9FB ] EvtEng          C:\Program Files\Intel\WiFi\bin\EvtEng.exe
20:52:31.0518 7484  EvtEng - ok
20:52:31.0530 7484  [ A510C654EC00C1E9BDD91EEB3A59823B ] exfat           C:\Windows\system32\drivers\exfat.sys
20:52:31.0619 7484  exfat - ok
20:52:31.0632 7484  [ 0ADC83218B66A6DB380C330836F3E36D ] fastfat         C:\Windows\system32\drivers\fastfat.sys
20:52:31.0720 7484  fastfat - ok
20:52:31.0745 7484  [ DBEFD454F8318A0EF691FDD2EAAB44EB ] Fax             C:\Windows\system32\fxssvc.exe
20:52:31.0791 7484  Fax - ok
20:52:31.0801 7484  [ D765D19CD8EF61F650C384F62FAC00AB ] fdc             C:\Windows\system32\drivers\fdc.sys
20:52:31.0830 7484  fdc - ok
20:52:31.0838 7484  [ 0438CAB2E03F4FB61455A7956026FE86 ] fdPHost         C:\Windows\system32\fdPHost.dll
20:52:31.0922 7484  fdPHost - ok
20:52:31.0932 7484  [ 802496CB59A30349F9A6DD22D6947644 ] FDResPub        C:\Windows\system32\fdrespub.dll
20:52:32.0016 7484  FDResPub - ok
20:52:32.0025 7484  [ 655661BE46B5F5F3FD454E2C3095B930 ] FileInfo        C:\Windows\system32\drivers\fileinfo.sys
20:52:32.0049 7484  FileInfo - ok
20:52:32.0057 7484  [ 5F671AB5BC87EEA04EC38A6CD5962A47 ] Filetrace       C:\Windows\system32\drivers\filetrace.sys
20:52:32.0143 7484  Filetrace - ok
20:52:32.0151 7484  [ C172A0F53008EAEB8EA33FE10E177AF5 ] flpydisk        C:\Windows\system32\drivers\flpydisk.sys
20:52:32.0180 7484  flpydisk - ok
20:52:32.0194 7484  [ DA6B67270FD9DB3697B20FCE94950741 ] FltMgr          C:\Windows\system32\drivers\fltmgr.sys
20:52:32.0228 7484  FltMgr - ok
20:52:32.0257 7484  [ 5C4CB4086FB83115B153E47ADD961A0C ] FontCache       C:\Windows\system32\FntCache.dll
20:52:32.0317 7484  FontCache - ok
20:52:32.0326 7484  [ A8B7F3818AB65695E3A0BB3279F6DCE6 ] FontCache3.0.0.0 C:\Windows\Microsoft.Net\Framework64\v3.0\WPF\PresentationFontCache.exe
20:52:32.0346 7484  FontCache3.0.0.0 - ok
20:52:32.0356 7484  [ D43703496149971890703B4B1B723EAC ] FsDepends       C:\Windows\system32\drivers\FsDepends.sys
20:52:32.0380 7484  FsDepends - ok
20:52:32.0389 7484  [ DC0DCE4EC2C5D2CF6472F9FD6AA9A7DC ] fssfltr         C:\Windows\system32\DRIVERS\fssfltr.sys
20:52:32.0409 7484  fssfltr - ok
20:52:32.0448 7484  [ 40CDFAD174B3D5E80F95DDA003C0B97F ] fsssvc          C:\Program Files (x86)\Windows Live\Family Safety\fsssvc.exe
20:52:32.0525 7484  fsssvc - ok
20:52:32.0534 7484  [ 6BD9295CC032DD3077C671FCCF579A7B ] Fs_Rec          C:\Windows\system32\drivers\Fs_Rec.sys
20:52:32.0556 7484  Fs_Rec - ok
20:52:32.0569 7484  [ 1F7B25B858FA27015169FE95E54108ED ] fvevol          C:\Windows\system32\DRIVERS\fvevol.sys
20:52:32.0609 7484  fvevol - ok
20:52:32.0618 7484  [ 8C778D335C9D272CFD3298AB02ABE3B6 ] gagp30kx        C:\Windows\system32\drivers\gagp30kx.sys
20:52:32.0643 7484  gagp30kx - ok
20:52:32.0737 7484  [ 277BBC7E1AA1EE957F573A10ECA7EF3A ] gpsvc           C:\Windows\System32\gpsvc.dll
20:52:32.0839 7484  gpsvc - ok
20:52:32.0846 7484  gupdate - ok
20:52:32.0854 7484  gupdatem - ok
20:52:32.0866 7484  [ F2523EF6460FC42405B12248338AB2F0 ] hcw85cir        C:\Windows\system32\drivers\hcw85cir.sys
20:52:32.0898 7484  hcw85cir - ok
20:52:32.0913 7484  [ 975761C778E33CD22498059B91E7373A ] HdAudAddService C:\Windows\system32\drivers\HdAudio.sys
20:52:32.0956 7484  HdAudAddService - ok
20:52:32.0966 7484  [ 97BFED39B6B79EB12CDDBFEED51F56BB ] HDAudBus        C:\Windows\system32\DRIVERS\HDAudBus.sys
20:52:33.0002 7484  HDAudBus - ok
20:52:33.0011 7484  [ 78E86380454A7B10A5EB255DC44A355F ] HidBatt         C:\Windows\system32\drivers\HidBatt.sys
20:52:33.0041 7484  HidBatt - ok
20:52:33.0052 7484  [ 7FD2A313F7AFE5C4DAB14798C48DD104 ] HidBth          C:\Windows\system32\DRIVERS\hidbth.sys
20:52:33.0087 7484  HidBth - ok
20:52:33.0097 7484  [ 0A77D29F311B88CFAE3B13F9C1A73825 ] HidIr           C:\Windows\system32\drivers\hidir.sys
20:52:33.0130 7484  HidIr - ok
20:52:33.0139 7484  [ BD9EB3958F213F96B97B1D897DEE006D ] hidserv         C:\Windows\system32\hidserv.dll
20:52:33.0225 7484  hidserv - ok
20:52:33.0235 7484  [ 9592090A7E2B61CD582B612B6DF70536 ] HidUsb          C:\Windows\system32\DRIVERS\hidusb.sys
20:52:33.0264 7484  HidUsb - ok
20:52:33.0274 7484  [ 387E72E739E15E3D37907A86D9FF98E2 ] hkmsvc          C:\Windows\system32\kmsvc.dll
20:52:33.0357 7484  hkmsvc - ok
20:52:33.0373 7484  [ EFDFB3DD38A4376F93E7985173813ABD ] HomeGroupListener C:\Windows\system32\ListSvc.dll
20:52:33.0408 7484  HomeGroupListener - ok
20:52:33.0421 7484  [ 908ACB1F594274965A53926B10C81E89 ] HomeGroupProvider C:\Windows\system32\provsvc.dll
20:52:33.0455 7484  HomeGroupProvider - ok
20:52:33.0466 7484  [ 39D2ABCD392F3D8A6DCE7B60AE7B8EFC ] HpSAMD          C:\Windows\system32\drivers\HpSAMD.sys
20:52:33.0492 7484  HpSAMD - ok
20:52:33.0514 7484  [ 0EA7DE1ACB728DD5A369FD742D6EEE28 ] HTTP            C:\Windows\system32\drivers\HTTP.sys
20:52:33.0613 7484  HTTP - ok
20:52:33.0622 7484  [ A5462BD6884960C9DC85ED49D34FF392 ] hwpolicy        C:\Windows\system32\drivers\hwpolicy.sys
20:52:33.0645 7484  hwpolicy - ok
20:52:33.0655 7484  [ FA55C73D4AFFA7EE23AC4BE53B4592D3 ] i8042prt        C:\Windows\system32\DRIVERS\i8042prt.sys
20:52:33.0684 7484  i8042prt - ok
20:52:33.0706 7484  [ D1753C06EE17E29352B065EACF3F10D0 ] iaStor          C:\Windows\system32\DRIVERS\iaStor.sys
20:52:33.0744 7484  iaStor - ok
20:52:33.0760 7484  [ AAAF44DB3BD0B9D1FB6969B23ECC8366 ] iaStorV         C:\Windows\system32\drivers\iaStorV.sys
20:52:33.0797 7484  iaStorV - ok
20:52:33.0807 7484  [ 653A38B868A5F20BB506AB57AC41B936 ] ibtfltcoex      C:\Windows\system32\DRIVERS\iBtFltCoex.sys
20:52:33.0819 7484  ibtfltcoex ( UnsignedFile.Multi.Generic ) - warning
20:52:33.0819 7484  ibtfltcoex - detected UnsignedFile.Multi.Generic (1)
20:52:33.0846 7484  [ 5988FC40F8DB5B0739CD1E3A5D0D78BD ] idsvc           C:\Windows\Microsoft.NET\Framework64\v3.0\Windows Communication Foundation\infocard.exe
20:52:33.0898 7484  idsvc - ok
20:52:34.0140 7484  [ 371D7F91C0D2314EB984A4A6CBEABC92 ] igfx            C:\Windows\system32\DRIVERS\igdkmd64.sys
20:52:34.0600 7484  igfx - ok
20:52:34.0615 7484  [ 5C18831C61933628F5BB0EA2675B9D21 ] iirsp           C:\Windows\system32\drivers\iirsp.sys
20:52:34.0640 7484  iirsp - ok
20:52:34.0664 7484  [ FCD84C381E0140AF901E58D48882D26B ] IKEEXT          C:\Windows\System32\ikeext.dll
20:52:34.0767 7484  IKEEXT - ok
20:52:34.0781 7484  [ CADDF0927DAC63EDAE48F5C35A61D87D ] intaud_WaveExtensible C:\Windows\system32\drivers\intelaud.sys
20:52:34.0802 7484  intaud_WaveExtensible - ok
20:52:34.0880 7484  [ 6EF96DF5184DDB95A12107B8D7531FB7 ] IntcAzAudAddService C:\Windows\system32\drivers\RTKVHD64.sys
20:52:35.0038 7484  IntcAzAudAddService - ok
20:52:35.0059 7484  [ 6C9FFFECA9FED31347D211C5D1FFBD2D ] IntcDAud        C:\Windows\system32\DRIVERS\IntcDAud.sys
20:52:35.0093 7484  IntcDAud - ok
20:52:35.0112 7484  [ 832CE330DD987227B7DEA8C03F22AEFA ] Intel(R) Capability Licensing Service Interface C:\Program Files\Intel\iCLS Client\HeciServer.exe
20:52:35.0153 7484  Intel(R) Capability Licensing Service Interface - ok
20:52:35.0165 7484  [ 896AA2F1D79662B17D5DBBE588E24E30 ] Intel(R) ME Service C:\Program Files (x86)\Intel\Intel(R) Management Engine Components\FWService\IntelMeFWService.exe
20:52:35.0188 7484  Intel(R) ME Service - ok
20:52:35.0200 7484  [ F00F20E70C6EC3AA366910083A0518AA ] intelide        C:\Windows\system32\drivers\intelide.sys
20:52:35.0226 7484  intelide - ok
20:52:35.0238 7484  [ ADA036632C664CAA754079041CF1F8C1 ] intelppm        C:\Windows\system32\DRIVERS\intelppm.sys
20:52:35.0267 7484  intelppm - ok
20:52:35.0277 7484  [ 098A91C54546A3B878DAD6A7E90A455B ] IPBusEnum       C:\Windows\system32\ipbusenum.dll
20:52:35.0364 7484  IPBusEnum - ok
20:52:35.0375 7484  [ C9F0E1BD74365A8771590E9008D22AB6 ] IpFilterDriver  C:\Windows\system32\DRIVERS\ipfltdrv.sys
20:52:35.0457 7484  IpFilterDriver - ok
20:52:35.0475 7484  [ 08C2957BB30058E663720C5606885653 ] iphlpsvc        C:\Windows\System32\iphlpsvc.dll
20:52:35.0519 7484  iphlpsvc - ok
20:52:35.0528 7484  [ 0FC1AEA580957AA8817B8F305D18CA3A ] IPMIDRV         C:\Windows\system32\drivers\IPMIDrv.sys
20:52:35.0559 7484  IPMIDRV - ok
20:52:35.0571 7484  [ AF9B39A7E7B6CAA203B3862582E9F2D0 ] IPNAT           C:\Windows\system32\drivers\ipnat.sys
20:52:35.0657 7484  IPNAT - ok
20:52:35.0668 7484  [ 3ABF5E7213EB28966D55D58B515D5CE9 ] IRENUM          C:\Windows\system32\drivers\irenum.sys
20:52:35.0718 7484  IRENUM - ok
20:52:35.0728 7484  [ 6DC22BDAA595BE00F19696E72F2F3312 ] irstrtdv        C:\Windows\system32\DRIVERS\irstrtdv.sys
20:52:35.0747 7484  irstrtdv - ok
20:52:35.0760 7484  [ 205FD80EF4B9832F9763B9A187957260 ] irstrtsv        C:\Windows\SysWOW64\irstrtsv.exe
20:52:35.0787 7484  irstrtsv - ok
20:52:35.0796 7484  [ 2F7B28DC3E1183E5EB418DF55C204F38 ] isapnp          C:\Windows\system32\drivers\isapnp.sys
20:52:35.0820 7484  isapnp - ok
20:52:35.0836 7484  [ D931D7309DEB2317035B07C9F9E6B0BD ] iScsiPrt        C:\Windows\system32\drivers\msiscsi.sys
20:52:35.0869 7484  iScsiPrt - ok
20:52:35.0878 7484  [ B2381712638B0B714D0EEAB9A1F7C640 ] iusb3hcs        C:\Windows\system32\DRIVERS\iusb3hcs.sys
20:52:35.0896 7484  iusb3hcs - ok
20:52:35.0913 7484  [ FD2C6457232E95C014DAD21DEBC64867 ] iusb3hub        C:\Windows\system32\DRIVERS\iusb3hub.sys
20:52:35.0942 7484  iusb3hub - ok
20:52:35.0965 7484  [ F6A2B5D030BE7EDF8ADC12C9A40825A8 ] iusb3xhc        C:\Windows\system32\DRIVERS\iusb3xhc.sys
20:52:36.0009 7484  iusb3xhc - ok
20:52:36.0018 7484  [ 716F66336F10885D935B08174DC54242 ] iwdbus          C:\Windows\system32\DRIVERS\iwdbus.sys
20:52:36.0037 7484  iwdbus - ok
20:52:36.0050 7484  [ 3C6630473DD42FFC57D9F5564F533127 ] jhi_service     C:\Program Files (x86)\Intel\Intel(R) Management Engine Components\DAL\jhi_service.exe
20:52:36.0075 7484  jhi_service - ok
20:52:36.0085 7484  [ BC02336F1CBA7DCC7D1213BB588A68A5 ] kbdclass        C:\Windows\system32\DRIVERS\kbdclass.sys
20:52:36.0109 7484  kbdclass - ok
20:52:36.0118 7484  [ 0705EFF5B42A9DB58548EEC3B26BB484 ] kbdhid          C:\Windows\system32\drivers\kbdhid.sys
20:52:36.0149 7484  kbdhid - ok
20:52:36.0157 7484  [ E63EF8C3271D014F14E2469CE75FECB4 ] kbfiltr         C:\Windows\system32\DRIVERS\kbfiltr.sys
20:52:36.0175 7484  kbfiltr - ok
20:52:36.0185 7484  [ C118A82CD78818C29AB228366EBF81C3 ] KeyIso          C:\Windows\system32\lsass.exe
20:52:36.0215 7484  KeyIso - ok
20:52:36.0225 7484  [ 97A7070AEA4C058B6418519E869A63B4 ] KSecDD          C:\Windows\system32\Drivers\ksecdd.sys
20:52:36.0250 7484  KSecDD - ok
20:52:36.0262 7484  [ 26C43A7C2862447EC59DEDA188D1DA07 ] KSecPkg         C:\Windows\system32\Drivers\ksecpkg.sys
20:52:36.0289 7484  KSecPkg - ok
20:52:36.0297 7484  [ 6869281E78CB31A43E969F06B57347C4 ] ksthunk         C:\Windows\system32\drivers\ksthunk.sys
20:52:36.0382 7484  ksthunk - ok
20:52:36.0398 7484  [ 6AB66E16AA859232F64DEB66887A8C9C ] KtmRm           C:\Windows\system32\msdtckrm.dll
20:52:36.0494 7484  KtmRm - ok
20:52:36.0504 7484  [ 033B4AED2C5519072C0D81E00804D003 ] L1C             C:\Windows\system32\DRIVERS\L1C62x64.sys
20:52:36.0535 7484  L1C - ok
20:52:36.0548 7484  [ D9F42719019740BAA6D1C6D536CBDAA6 ] LanmanServer    C:\Windows\system32\srvsvc.dll
20:52:36.0635 7484  LanmanServer - ok
20:52:36.0646 7484  [ 851A1382EED3E3A7476DB004F4EE3E1A ] LanmanWorkstation C:\Windows\System32\wkssvc.dll
20:52:36.0731 7484  LanmanWorkstation - ok
20:52:36.0746 7484  [ 1538831CF8AD2979A04C423779465827 ] lltdio          C:\Windows\system32\DRIVERS\lltdio.sys
20:52:36.0829 7484  lltdio - ok
20:52:36.0843 7484  [ C1185803384AB3FEED115F79F109427F ] lltdsvc         C:\Windows\System32\lltdsvc.dll
20:52:36.0876 7484  lltdsvc - ok
20:52:36.0879 7484  [ F993A32249B66C9D622EA5592A8B76B8 ] lmhosts         C:\Windows\System32\lmhsvc.dll
20:52:36.0904 7484  lmhosts - ok
20:52:36.0912 7484  [ 2B23FAA39D8F949ED5EEE03ECA50BCD5 ] LMS             C:\Program Files (x86)\Intel\Intel(R) Management Engine Components\LMS\LMS.exe
20:52:36.0922 7484  LMS - ok
20:52:36.0927 7484  [ 1A93E54EB0ECE102495A51266DCDB6A6 ] LSI_FC          C:\Windows\system32\drivers\lsi_fc.sys
20:52:36.0936 7484  LSI_FC - ok
20:52:36.0939 7484  [ 1047184A9FDC8BDBFF857175875EE810 ] LSI_SAS         C:\Windows\system32\drivers\lsi_sas.sys
20:52:36.0948 7484  LSI_SAS - ok
20:52:36.0952 7484  [ 30F5C0DE1EE8B5BC9306C1F0E4A75F93 ] LSI_SAS2        C:\Windows\system32\drivers\lsi_sas2.sys
20:52:36.0960 7484  LSI_SAS2 - ok
20:52:36.0964 7484  [ 0504EACAFF0D3C8AED161C4B0D369D4A ] LSI_SCSI        C:\Windows\system32\drivers\lsi_scsi.sys
20:52:36.0973 7484  LSI_SCSI - ok
20:52:36.0978 7484  [ 43D0F98E1D56CCDDB0D5254CFF7B356E ] luafv           C:\Windows\system32\drivers\luafv.sys
20:52:37.0005 7484  luafv - ok
20:52:37.0009 7484  [ 0BE09CD858ABF9DF6ED259D57A1A1663 ] Mcx2Svc         C:\Windows\system32\Mcx2Svc.dll
20:52:37.0020 7484  Mcx2Svc - ok
20:52:37.0023 7484  [ A55805F747C6EDB6A9080D7C633BD0F4 ] megasas         C:\Windows\system32\drivers\megasas.sys
20:52:37.0031 7484  megasas - ok
20:52:37.0036 7484  [ BAF74CE0072480C3B6B7C13B2A94D6B3 ] MegaSR          C:\Windows\system32\drivers\MegaSR.sys
20:52:37.0048 7484  MegaSR - ok
20:52:37.0052 7484  [ 6B01B7414A105B9E51652089A03027CF ] MEIx64          C:\Windows\system32\DRIVERS\HECIx64.sys
20:52:37.0058 7484  MEIx64 - ok
20:52:37.0062 7484  [ E40E80D0304A73E8D269F7141D77250B ] MMCSS           C:\Windows\system32\mmcss.dll
20:52:37.0089 7484  MMCSS - ok
20:52:37.0093 7484  [ 800BA92F7010378B09F9ED9270F07137 ] Modem           C:\Windows\system32\drivers\modem.sys
20:52:37.0120 7484  Modem - ok
20:52:37.0123 7484  [ B03D591DC7DA45ECE20B3B467E6AADAA ] monitor         C:\Windows\system32\DRIVERS\monitor.sys
20:52:37.0134 7484  monitor - ok
20:52:37.0138 7484  [ D69F1E9A944A5F46A494AF901ED41118 ] motandroidusb   C:\Windows\system32\Drivers\motoandroid.sys
20:52:37.0150 7484  motandroidusb - ok
20:52:37.0154 7484  [ 43E754047C6DEE50666554D3C66D6279 ] motccgp         C:\Windows\system32\DRIVERS\motccgp.sys
20:52:37.0167 7484  motccgp - ok
20:52:37.0170 7484  [ 577399C75CF85AC68E7830EB150F45EF ] motccgpfl       C:\Windows\system32\DRIVERS\motccgpfl.sys
20:52:37.0182 7484  motccgpfl - ok
20:52:37.0185 7484  [ 785B2CBA23D374649D98715C3EE17B2A ] motmodem        C:\Windows\system32\DRIVERS\motmodem.sys
20:52:37.0198 7484  motmodem - ok
20:52:37.0205 7484  [ AC9D6E3629E4388A9EA9B4172493AAEE ] Motorola Device Manager C:\Program Files (x86)\Motorola Mobility\Motorola Device Manager\MotoHelperService.exe
20:52:37.0212 7484  Motorola Device Manager - ok
20:52:37.0215 7484  [ 19BC2161C3FCCED802F1BCD9B78C3466 ] MotoSwitchService C:\Windows\system32\DRIVERS\motswch.sys
20:52:37.0227 7484  MotoSwitchService - ok
20:52:37.0230 7484  [ C4F1495598C7E1FEF53BCFD84A5BD53E ] Motousbnet      C:\Windows\system32\DRIVERS\Motousbnet.sys
20:52:37.0242 7484  Motousbnet - ok
20:52:37.0246 7484  [ 7D27EA49F3C1F687D357E77A470AEA99 ] mouclass        C:\Windows\system32\DRIVERS\mouclass.sys
20:52:37.0253 7484  mouclass - ok
20:52:37.0257 7484  [ D3BF052C40B0C4166D9FD86A4288C1E6 ] mouhid          C:\Windows\system32\DRIVERS\mouhid.sys
20:52:37.0267 7484  mouhid - ok
20:52:37.0271 7484  [ 32E7A3D591D671A6DF2DB515A5CBE0FA ] mountmgr        C:\Windows\system32\drivers\mountmgr.sys
20:52:37.0279 7484  mountmgr - ok
20:52:37.0284 7484  [ A44B420D30BD56E145D6A2BC8768EC58 ] mpio            C:\Windows\system32\drivers\mpio.sys
20:52:37.0294 7484  mpio - ok
20:52:37.0298 7484  [ 6C38C9E45AE0EA2FA5E551F2ED5E978F ] mpsdrv          C:\Windows\system32\drivers\mpsdrv.sys
20:52:37.0325 7484  mpsdrv - ok
20:52:37.0336 7484  [ 54FFC9C8898113ACE189D4AA7199D2C1 ] MpsSvc          C:\Windows\system32\mpssvc.dll
20:52:37.0371 7484  MpsSvc - ok
20:52:37.0375 7484  [ DC722758B8261E1ABAFD31A3C0A66380 ] MRxDAV          C:\Windows\system32\drivers\mrxdav.sys
20:52:37.0391 7484  MRxDAV - ok
20:52:37.0397 7484  [ A5D9106A73DC88564C825D317CAC68AC ] mrxsmb          C:\Windows\system32\DRIVERS\mrxsmb.sys
20:52:37.0410 7484  mrxsmb - ok
20:52:37.0416 7484  [ D711B3C1D5F42C0C2415687BE09FC163 ] mrxsmb10        C:\Windows\system32\DRIVERS\mrxsmb10.sys
20:52:37.0428 7484  mrxsmb10 - ok
20:52:37.0432 7484  [ 9423E9D355C8D303E76B8CFBD8A5C30C ] mrxsmb20        C:\Windows\system32\DRIVERS\mrxsmb20.sys
20:52:37.0444 7484  mrxsmb20 - ok
20:52:37.0447 7484  [ C25F0BAFA182CBCA2DD3C851C2E75796 ] msahci          C:\Windows\system32\drivers\msahci.sys
20:52:37.0454 7484  msahci - ok
20:52:37.0458 7484  [ DB801A638D011B9633829EB6F663C900 ] msdsm           C:\Windows\system32\drivers\msdsm.sys
20:52:37.0468 7484  msdsm - ok
20:52:37.0473 7484  [ DE0ECE52236CFA3ED2DBFC03F28253A8 ] MSDTC           C:\Windows\System32\msdtc.exe
20:52:37.0485 7484  MSDTC - ok
20:52:37.0491 7484  [ AA3FB40E17CE1388FA1BEDAB50EA8F96 ] Msfs            C:\Windows\system32\drivers\Msfs.sys
20:52:37.0517 7484  Msfs - ok
20:52:37.0520 7484  [ F9D215A46A8B9753F61767FA72A20326 ] mshidkmdf       C:\Windows\System32\drivers\mshidkmdf.sys
20:52:37.0546 7484  mshidkmdf - ok
20:52:37.0548 7484  [ D916874BBD4F8B07BFB7FA9B3CCAE29D ] msisadrv        C:\Windows\system32\drivers\msisadrv.sys
20:52:37.0555 7484  msisadrv - ok
20:52:37.0559 7484  [ 808E98FF49B155C522E6400953177B08 ] MSiSCSI         C:\Windows\system32\iscsiexe.dll
20:52:37.0588 7484  MSiSCSI - ok
20:52:37.0591 7484  msiserver - ok
20:52:37.0594 7484  [ 49CCF2C4FEA34FFAD8B1B59D49439366 ] MSKSSRV         C:\Windows\system32\drivers\MSKSSRV.sys
20:52:37.0621 7484  MSKSSRV - ok
20:52:37.0624 7484  [ BDD71ACE35A232104DDD349EE70E1AB3 ] MSPCLOCK        C:\Windows\system32\drivers\MSPCLOCK.sys
20:52:37.0649 7484  MSPCLOCK - ok
20:52:37.0652 7484  [ 4ED981241DB27C3383D72092B618A1D0 ] MSPQM           C:\Windows\system32\drivers\MSPQM.sys
20:52:37.0678 7484  MSPQM - ok
20:52:37.0685 7484  [ 759A9EEB0FA9ED79DA1FB7D4EF78866D ] MsRPC           C:\Windows\system32\drivers\MsRPC.sys
20:52:37.0697 7484  MsRPC - ok
20:52:37.0703 7484  [ 0EED230E37515A0EAEE3C2E1BC97B288 ] mssmbios        C:\Windows\system32\DRIVERS\mssmbios.sys
20:52:37.0710 7484  mssmbios - ok
20:52:37.0714 7484  [ 2E66F9ECB30B4221A318C92AC2250779 ] MSTEE           C:\Windows\system32\drivers\MSTEE.sys
20:52:37.0740 7484  MSTEE - ok
20:52:37.0743 7484  [ 7EA404308934E675BFFDE8EDF0757BCD ] MTConfig        C:\Windows\system32\drivers\MTConfig.sys
20:52:37.0754 7484  MTConfig - ok
20:52:37.0757 7484  [ F9A18612FD3526FE473C1BDA678D61C8 ] Mup             C:\Windows\system32\Drivers\mup.sys
20:52:37.0765 7484  Mup - ok
20:52:37.0771 7484  [ 4D02A9A4AAE43280D8631F232AAD79BC ] MyWiFiDHCPDNS   C:\Program Files\Intel\WiFi\bin\PanDhcpDns.exe
20:52:37.0781 7484  MyWiFiDHCPDNS - ok
20:52:37.0789 7484  [ 582AC6D9873E31DFA28A4547270862DD ] napagent        C:\Windows\system32\qagentRT.dll
20:52:37.0825 7484  napagent - ok
20:52:37.0833 7484  [ 1EA3749C4114DB3E3161156FFFFA6B33 ] NativeWifiP     C:\Windows\system32\DRIVERS\nwifi.sys
20:52:37.0850 7484  NativeWifiP - ok
20:52:37.0861 7484  [ 760E38053BF56E501D562B70AD796B88 ] NDIS            C:\Windows\system32\drivers\ndis.sys
20:52:37.0880 7484  NDIS - ok
20:52:37.0883 7484  [ 9F9A1F53AAD7DA4D6FEF5BB73AB811AC ] NdisCap         C:\Windows\system32\DRIVERS\ndiscap.sys
20:52:37.0910 7484  NdisCap - ok
20:52:37.0914 7484  [ 30639C932D9FEF22B31268FE25A1B6E5 ] NdisTapi        C:\Windows\system32\DRIVERS\ndistapi.sys
20:52:37.0940 7484  NdisTapi - ok
20:52:37.0943 7484  [ 136185F9FB2CC61E573E676AA5402356 ] Ndisuio         C:\Windows\system32\DRIVERS\ndisuio.sys
20:52:37.0970 7484  Ndisuio - ok
20:52:37.0975 7484  [ 53F7305169863F0A2BDDC49E116C2E11 ] NdisWan         C:\Windows\system32\DRIVERS\ndiswan.sys
20:52:38.0002 7484  NdisWan - ok
20:52:38.0006 7484  [ 015C0D8E0E0421B4CFD48CFFE2825879 ] NDProxy         C:\Windows\system32\drivers\NDProxy.sys
20:52:38.0032 7484  NDProxy - ok
20:52:38.0035 7484  [ 86743D9F5D2B1048062B14B1D84501C4 ] NetBIOS         C:\Windows\system32\DRIVERS\netbios.sys
20:52:38.0063 7484  NetBIOS - ok
20:52:38.0068 7484  [ 09594D1089C523423B32A4229263F068 ] NetBT           C:\Windows\system32\DRIVERS\netbt.sys
20:52:38.0095 7484  NetBT - ok
20:52:38.0099 7484  [ C118A82CD78818C29AB228366EBF81C3 ] Netlogon        C:\Windows\system32\lsass.exe
20:52:38.0107 7484  Netlogon - ok
20:52:38.0114 7484  [ 847D3AE376C0817161A14A82C8922A9E ] Netman          C:\Windows\System32\netman.dll
20:52:38.0145 7484  Netman - ok
20:52:38.0162 7484  [ D22CD77D4F0D63D1169BB35911BFF12D ] NetMsmqActivator C:\Windows\Microsoft.NET\Framework64\v4.0.30319\SMSvcHost.exe
20:52:38.0174 7484  NetMsmqActivator - ok
20:52:38.0177 7484  [ D22CD77D4F0D63D1169BB35911BFF12D ] NetPipeActivator C:\Windows\Microsoft.NET\Framework64\v4.0.30319\SMSvcHost.exe
20:52:38.0184 7484  NetPipeActivator - ok
20:52:38.0192 7484  [ 5F28111C648F1E24F7DBC87CDEB091B8 ] netprofm        C:\Windows\System32\netprofm.dll
20:52:38.0224 7484  netprofm - ok
20:52:38.0228 7484  [ D22CD77D4F0D63D1169BB35911BFF12D ] NetTcpActivator C:\Windows\Microsoft.NET\Framework64\v4.0.30319\SMSvcHost.exe
20:52:38.0234 7484  NetTcpActivator - ok
20:52:38.0238 7484  [ D22CD77D4F0D63D1169BB35911BFF12D ] NetTcpPortSharing C:\Windows\Microsoft.NET\Framework64\v4.0.30319\SMSvcHost.exe
20:52:38.0244 7484  NetTcpPortSharing - ok
20:52:38.0330 7484  [ 262225F08B891FD7F16B3B93A3177C1F ] NETwNs64        C:\Windows\system32\DRIVERS\Netwsw00.sys
20:52:38.0448 7484  NETwNs64 - ok
20:52:38.0454 7484  [ 77889813BE4D166CDAB78DDBA990DA92 ] nfrd960         C:\Windows\system32\drivers\nfrd960.sys
20:52:38.0462 7484  nfrd960 - ok
20:52:38.0468 7484  [ 8AD77806D336673F270DB31645267293 ] NlaSvc          C:\Windows\System32\nlasvc.dll
20:52:38.0482 7484  NlaSvc - ok
20:52:38.0486 7484  [ 1E4C4AB5C9B8DD13179BBDC75A2A01F7 ] Npfs            C:\Windows\system32\drivers\Npfs.sys
20:52:38.0512 7484  Npfs - ok
20:52:38.0516 7484  [ D54BFDF3E0C953F823B3D0BFE4732528 ] nsi             C:\Windows\system32\nsisvc.dll
20:52:38.0543 7484  nsi - ok
20:52:38.0547 7484  [ E7F5AE18AF4168178A642A9247C63001 ] nsiproxy        C:\Windows\system32\drivers\nsiproxy.sys
20:52:38.0572 7484  nsiproxy - ok
20:52:38.0591 7484  [ E453ACF4E7D44E5530B5D5F2B9CA8563 ] Ntfs            C:\Windows\system32\drivers\Ntfs.sys
20:52:38.0619 7484  Ntfs - ok
20:52:38.0623 7484  [ 9899284589F75FA8724FF3D16AED75C1 ] Null            C:\Windows\system32\drivers\Null.sys
20:52:38.0649 7484  Null - ok
20:52:38.0653 7484  [ 0A92CB65770442ED0DC44834632F66AD ] nvraid          C:\Windows\system32\drivers\nvraid.sys
20:52:38.0662 7484  nvraid - ok
20:52:38.0667 7484  [ DAB0E87525C10052BF65F06152F37E4A ] nvstor          C:\Windows\system32\drivers\nvstor.sys
20:52:38.0677 7484  nvstor - ok
20:52:38.0681 7484  [ 270D7CD42D6E3979F6DD0146650F0E05 ] nv_agp          C:\Windows\system32\drivers\nv_agp.sys
20:52:38.0691 7484  nv_agp - ok
20:52:38.0695 7484  [ 3589478E4B22CE21B41FA1BFC0B8B8A0 ] ohci1394        C:\Windows\system32\drivers\ohci1394.sys
20:52:38.0707 7484  ohci1394 - ok
20:52:38.0713 7484  [ 9D10F99A6712E28F8ACD5641E3A7EA6B ] ose             C:\Program Files (x86)\Common Files\Microsoft Shared\Source Engine\OSE.EXE
20:52:38.0722 7484  ose - ok
20:52:38.0763 7484  [ 61BFFB5F57AD12F83AB64B7181829B34 ] osppsvc         C:\Program Files\Common Files\Microsoft Shared\OfficeSoftwareProtectionPlatform\OSPPSVC.EXE
20:52:38.0832 7484  osppsvc - ok
20:52:38.0841 7484  [ 3EAC4455472CC2C97107B5291E0DCAFE ] p2pimsvc        C:\Windows\system32\pnrpsvc.dll
20:52:38.0855 7484  p2pimsvc - ok
20:52:38.0862 7484  [ 927463ECB02179F88E4B9A17568C63C3 ] p2psvc          C:\Windows\system32\p2psvc.dll
20:52:38.0878 7484  p2psvc - ok
20:52:38.0882 7484  [ 0086431C29C35BE1DBC43F52CC273887 ] Parport         C:\Windows\system32\drivers\parport.sys
20:52:38.0893 7484  Parport - ok
20:52:38.0898 7484  [ E9766131EEADE40A27DC27D2D68FBA9C ] partmgr         C:\Windows\system32\drivers\partmgr.sys
20:52:38.0906 7484  partmgr - ok
20:52:38.0911 7484  [ 3AEAA8B561E63452C655DC0584922257 ] PcaSvc          C:\Windows\System32\pcasvc.dll
20:52:38.0927 7484  PcaSvc - ok
20:52:38.0932 7484  [ 94575C0571D1462A0F70BDE6BD6EE6B3 ] pci             C:\Windows\system32\drivers\pci.sys
20:52:38.0942 7484  pci - ok
20:52:38.0945 7484  [ B5B8B5EF2E5CB34DF8DCF8831E3534FA ] pciide          C:\Windows\system32\drivers\pciide.sys
20:52:38.0952 7484  pciide - ok
20:52:38.0957 7484  [ B2E81D4E87CE48589F98CB8C05B01F2F ] pcmcia          C:\Windows\system32\drivers\pcmcia.sys
20:52:38.0967 7484  pcmcia - ok
20:52:38.0970 7484  [ D6B9C2E1A11A3A4B26A182FFEF18F603 ] pcw             C:\Windows\system32\drivers\pcw.sys
20:52:38.0977 7484  pcw - ok
20:52:38.0986 7484  [ 68769C3356B3BE5D1C732C97B9A80D6E ] PEAUTH          C:\Windows\system32\drivers\peauth.sys
20:52:39.0019 7484  PEAUTH - ok
20:52:39.0024 7484  [ E495E408C93141E8FC72DC0C6046DDFA ] PerfHost        C:\Windows\SysWow64\perfhost.exe
20:52:39.0034 7484  PerfHost - ok
20:52:39.0051 7484  [ C7CF6A6E137463219E1259E3F0F0DD6C ] pla             C:\Windows\system32\pla.dll
20:52:39.0091 7484  pla - ok
20:52:39.0099 7484  [ 25FBDEF06C4D92815B353F6E792C8129 ] PlugPlay        C:\Windows\system32\umpnpmgr.dll
20:52:39.0115 7484  PlugPlay - ok
20:52:39.0118 7484  [ 7195581CEC9BB7D12ABE54036ACC2E38 ] PNRPAutoReg     C:\Windows\system32\pnrpauto.dll
20:52:39.0129 7484  PNRPAutoReg - ok
20:52:39.0134 7484  [ 3EAC4455472CC2C97107B5291E0DCAFE ] PNRPsvc         C:\Windows\system32\pnrpsvc.dll
20:52:39.0144 7484  PNRPsvc - ok
20:52:39.0152 7484  [ 4F15D75ADF6156BF56ECED6D4A55C389 ] PolicyAgent     C:\Windows\System32\ipsecsvc.dll
20:52:39.0182 7484  PolicyAgent - ok
20:52:39.0188 7484  [ 6BA9D927DDED70BD1A9CADED45F8B184 ] Power           C:\Windows\system32\umpo.dll
20:52:39.0216 7484  Power - ok
20:52:39.0221 7484  [ F92A2C41117A11A00BE01CA01A7FCDE9 ] PptpMiniport    C:\Windows\system32\DRIVERS\raspptp.sys
20:52:39.0247 7484  PptpMiniport - ok
20:52:39.0250 7484  [ 0D922E23C041EFB1C3FAC2A6F943C9BF ] Processor       C:\Windows\system32\drivers\processr.sys
20:52:39.0261 7484  Processor - ok
20:52:39.0266 7484  [ 53E83F1F6CF9D62F32801CF66D8352A8 ] ProfSvc         C:\Windows\system32\profsvc.dll
20:52:39.0279 7484  ProfSvc - ok
20:52:39.0282 7484  [ C118A82CD78818C29AB228366EBF81C3 ] ProtectedStorage C:\Windows\system32\lsass.exe
20:52:39.0290 7484  ProtectedStorage - ok
20:52:39.0294 7484  [ 0557CF5A2556BD58E26384169D72438D ] Psched          C:\Windows\system32\DRIVERS\pacer.sys
20:52:39.0321 7484  Psched - ok
20:52:39.0326 7484  [ EA735BF6DF13A857A83C99BF27A422AD ] PST Service     C:\Program Files (x86)\Motorola\MotForwardDaemon\ForwardDaemon.exe
20:52:39.0331 7484  PST Service ( UnsignedFile.Multi.Generic ) - warning
20:52:39.0331 7484  PST Service - detected UnsignedFile.Multi.Generic (1)
20:52:39.0346 7484  [ A53A15A11EBFD21077463EE2C7AFEEF0 ] ql2300          C:\Windows\system32\drivers\ql2300.sys
20:52:39.0374 7484  ql2300 - ok
20:52:39.0379 7484  [ 4F6D12B51DE1AAEFF7DC58C4D75423C8 ] ql40xx          C:\Windows\system32\drivers\ql40xx.sys
20:52:39.0388 7484  ql40xx - ok
20:52:39.0394 7484  [ 906191634E99AEA92C4816150BDA3732 ] QWAVE           C:\Windows\system32\qwave.dll
20:52:39.0410 7484  QWAVE - ok
20:52:39.0413 7484  [ 76707BB36430888D9CE9D705398ADB6C ] QWAVEdrv        C:\Windows\system32\drivers\qwavedrv.sys
20:52:39.0426 7484  QWAVEdrv - ok
20:52:39.0429 7484  [ 5A0DA8AD5762FA2D91678A8A01311704 ] RasAcd          C:\Windows\system32\DRIVERS\rasacd.sys
20:52:39.0456 7484  RasAcd - ok
20:52:39.0460 7484  [ 7ECFF9B22276B73F43A99A15A6094E90 ] RasAgileVpn     C:\Windows\system32\DRIVERS\AgileVpn.sys
20:52:39.0485 7484  RasAgileVpn - ok
20:52:39.0489 7484  [ 8F26510C5383B8DBE976DE1CD00FC8C7 ] RasAuto         C:\Windows\System32\rasauto.dll
20:52:39.0516 7484  RasAuto - ok
20:52:39.0520 7484  [ 471815800AE33E6F1C32FB1B97C490CA ] Rasl2tp         C:\Windows\system32\DRIVERS\rasl2tp.sys
20:52:39.0546 7484  Rasl2tp - ok
20:52:39.0553 7484  [ EE867A0870FC9E4972BA9EAAD35651E2 ] RasMan          C:\Windows\System32\rasmans.dll
20:52:39.0581 7484  RasMan - ok
20:52:39.0585 7484  [ 855C9B1CD4756C5E9A2AA58A15F58C25 ] RasPppoe        C:\Windows\system32\DRIVERS\raspppoe.sys
20:52:39.0612 7484  RasPppoe - ok
20:52:39.0616 7484  [ E8B1E447B008D07FF47D016C2B0EEECB ] RasSstp         C:\Windows\system32\DRIVERS\rassstp.sys
20:52:39.0643 7484  RasSstp - ok
20:52:39.0651 7484  [ 77F665941019A1594D887A74F301FA2F ] rdbss           C:\Windows\system32\DRIVERS\rdbss.sys
20:52:39.0680 7484  rdbss - ok
20:52:39.0683 7484  [ 302DA2A0539F2CF54D7C6CC30C1F2D8D ] rdpbus          C:\Windows\system32\drivers\rdpbus.sys
20:52:39.0695 7484  rdpbus - ok
20:52:39.0698 7484  [ CEA6CC257FC9B7715F1C2B4849286D24 ] RDPCDD          C:\Windows\system32\DRIVERS\RDPCDD.sys
20:52:39.0724 7484  RDPCDD - ok
20:52:39.0730 7484  [ BB5971A4F00659529A5C44831AF22365 ] RDPENCDD        C:\Windows\system32\drivers\rdpencdd.sys
20:52:39.0756 7484  RDPENCDD - ok
20:52:39.0760 7484  [ 216F3FA57533D98E1F74DED70113177A ] RDPREFMP        C:\Windows\system32\drivers\rdprefmp.sys
20:52:39.0786 7484  RDPREFMP - ok
20:52:39.0791 7484  [ E61608AA35E98999AF9AAEEEA6114B0A ] RDPWD           C:\Windows\system32\drivers\RDPWD.sys
20:52:39.0805 7484  RDPWD - ok
20:52:39.0810 7484  [ 34ED295FA0121C241BFEF24764FC4520 ] rdyboost        C:\Windows\system32\drivers\rdyboost.sys
20:52:39.0820 7484  rdyboost - ok
20:52:39.0826 7484  [ C480D028012881E0136962A49379688D ] RegSrvc         C:\Program Files\Common Files\Intel\WirelessCommon\RegSrvc.exe
20:52:39.0834 7484  RegSrvc - ok
20:52:39.0838 7484  [ 254FB7A22D74E5511C73A3F6D802F192 ] RemoteAccess    C:\Windows\System32\mprdim.dll
20:52:39.0866 7484  RemoteAccess - ok
20:52:39.0870 7484  [ E4D94F24081440B5FC5AA556C7C62702 ] RemoteRegistry  C:\Windows\system32\regsvc.dll
20:52:39.0899 7484  RemoteRegistry - ok
20:52:39.0903 7484  [ 3DD798846E2C28102B922C56E71B7932 ] RFCOMM          C:\Windows\system32\DRIVERS\rfcomm.sys
20:52:39.0917 7484  RFCOMM - ok
20:52:39.0921 7484  [ E4DC58CF7B3EA515AE917FF0D402A7BB ] RpcEptMapper    C:\Windows\System32\RpcEpMap.dll
20:52:39.0949 7484  RpcEptMapper - ok
20:52:39.0952 7484  [ D5BA242D4CF8E384DB90E6A8ED850B8C ] RpcLocator      C:\Windows\system32\locator.exe
20:52:39.0962 7484  RpcLocator - ok
20:52:39.0969 7484  [ 5C627D1B1138676C0A7AB2C2C190D123 ] RpcSs           C:\Windows\system32\rpcss.dll
20:52:39.0997 7484  RpcSs - ok
20:52:40.0001 7484  [ DDC86E4F8E7456261E637E3552E804FF ] rspndr          C:\Windows\system32\DRIVERS\rspndr.sys
20:52:40.0026 7484  rspndr - ok
20:52:40.0037 7484  [ CE0A1D8A59410E698140821E4E69DA0D ] RSUSBVSTOR      C:\Windows\system32\Drivers\RTSUVSTOR.sys
20:52:40.0048 7484  RSUSBVSTOR - ok
20:52:40.0051 7484  [ C118A82CD78818C29AB228366EBF81C3 ] SamSs           C:\Windows\system32\lsass.exe
20:52:40.0059 7484  SamSs - ok
20:52:40.0065 7484  [ AC03AF3329579FFFB455AA2DAABBE22B ] sbp2port        C:\Windows\system32\drivers\sbp2port.sys
20:52:40.0073 7484  sbp2port - ok
20:52:40.0079 7484  [ 9B7395789E3791A3B6D000FE6F8B131E ] SCardSvr        C:\Windows\System32\SCardSvr.dll
20:52:40.0108 7484  SCardSvr - ok
20:52:40.0111 7484  [ 253F38D0D7074C02FF8DEB9836C97D2B ] scfilter        C:\Windows\system32\DRIVERS\scfilter.sys
20:52:40.0136 7484  scfilter - ok
20:52:40.0148 7484  [ 262F6592C3299C005FD6BEC90FC4463A ] Schedule        C:\Windows\system32\schedsvc.dll
20:52:40.0184 7484  Schedule - ok
20:52:40.0190 7484  [ F17D1D393BBC69C5322FBFAFACA28C7F ] SCPolicySvc     C:\Windows\System32\certprop.dll
20:52:40.0214 7484  SCPolicySvc - ok
20:52:40.0219 7484  [ 6EA4234DC55346E0709560FE7C2C1972 ] SDRSVC          C:\Windows\System32\SDRSVC.dll
20:52:40.0232 7484  SDRSVC - ok
20:52:40.0236 7484  [ 3EA8A16169C26AFBEB544E0E48421186 ] secdrv          C:\Windows\system32\drivers\secdrv.sys
20:52:40.0262 7484  secdrv - ok
20:52:40.0266 7484  [ BC617A4E1B4FA8DF523A061739A0BD87 ] seclogon        C:\Windows\system32\seclogon.dll
20:52:40.0292 7484  seclogon - ok
20:52:40.0296 7484  [ C32AB8FA018EF34C0F113BD501436D21 ] SENS            C:\Windows\System32\sens.dll
20:52:40.0325 7484  SENS - ok
20:52:40.0329 7484  [ 0336CFFAFAAB87A11541F1CF1594B2B2 ] SensrSvc        C:\Windows\system32\sensrsvc.dll
20:52:40.0340 7484  SensrSvc - ok
20:52:40.0343 7484  [ CB624C0035412AF0DEBEC78C41F5CA1B ] Serenum         C:\Windows\system32\drivers\serenum.sys
20:52:40.0354 7484  Serenum - ok
20:52:40.0358 7484  [ C1D8E28B2C2ADFAEC4BA89E9FDA69BD6 ] Serial          C:\Windows\system32\drivers\serial.sys
20:52:40.0371 7484  Serial - ok
20:52:40.0375 7484  [ 1C545A7D0691CC4A027396535691C3E3 ] sermouse        C:\Windows\system32\drivers\sermouse.sys
20:52:40.0389 7484  sermouse - ok
20:52:40.0397 7484  [ 0B6231BF38174A1628C4AC812CC75804 ] SessionEnv      C:\Windows\system32\sessenv.dll
20:52:40.0425 7484  SessionEnv - ok
20:52:40.0428 7484  [ A554811BCD09279536440C964AE35BBF ] sffdisk         C:\Windows\system32\drivers\sffdisk.sys
20:52:40.0439 7484  sffdisk - ok
20:52:40.0442 7484  [ FF414F0BAEFEBA59BC6C04B3DB0B87BF ] sffp_mmc        C:\Windows\system32\drivers\sffp_mmc.sys
20:52:40.0454 7484  sffp_mmc - ok
20:52:40.0457 7484  [ DD85B78243A19B59F0637DCF284DA63C ] sffp_sd         C:\Windows\system32\drivers\sffp_sd.sys
20:52:40.0467 7484  sffp_sd - ok
20:52:40.0470 7484  [ A9D601643A1647211A1EE2EC4E433FF4 ] sfloppy         C:\Windows\system32\drivers\sfloppy.sys
20:52:40.0480 7484  sfloppy - ok
20:52:40.0487 7484  [ B95F6501A2F8B2E78C697FEC401970CE ] SharedAccess    C:\Windows\System32\ipnathlp.dll
20:52:40.0516 7484  SharedAccess - ok
20:52:40.0523 7484  [ AAF932B4011D14052955D4B212A4DA8D ] ShellHWDetection C:\Windows\System32\shsvcs.dll
20:52:40.0553 7484  ShellHWDetection - ok
20:52:40.0557 7484  [ 1BC348CF6BAA90EC8E533EF6E6A69933 ] SiSGbeLH        C:\Windows\system32\DRIVERS\SiSG664.sys
20:52:40.0566 7484  SiSGbeLH - ok
20:52:40.0569 7484  [ 843CAF1E5FDE1FFD5FF768F23A51E2E1 ] SiSRaid2        C:\Windows\system32\drivers\SiSRaid2.sys
20:52:40.0577 7484  SiSRaid2 - ok
20:52:40.0581 7484  [ 6A6C106D42E9FFFF8B9FCB4F754F6DA4 ] SiSRaid4        C:\Windows\system32\drivers\sisraid4.sys
20:52:40.0589 7484  SiSRaid4 - ok
20:52:40.0595 7484  [ A4FAB5F7818A69DA6E740943CB8F7CA9 ] SkypeUpdate     C:\Program Files (x86)\Skype\Updater\Updater.exe
20:52:40.0603 7484  SkypeUpdate - ok
20:52:40.0607 7484  [ A457553166B11B4B34C80C5C08729C44 ] slabbus         C:\Windows\system32\DRIVERS\slabbus.sys
20:52:40.0626 7484  slabbus - ok
20:52:40.0633 7484  [ CC73BE818A487D3CE31466D25286F65B ] slabser         C:\Windows\system32\DRIVERS\slabser.sys
20:52:40.0644 7484  slabser - ok
20:52:40.0647 7484  [ 548260A7B8654E024DC30BF8A7C5BAA4 ] Smb             C:\Windows\system32\DRIVERS\smb.sys
20:52:40.0674 7484  Smb - ok
20:52:40.0681 7484  [ 6313F223E817CC09AA41811DAA7F541D ] SNMPTRAP        C:\Windows\System32\snmptrap.exe
20:52:40.0692 7484  SNMPTRAP - ok
20:52:40.0696 7484  [ B9E31E5CACDFE584F34F730A677803F9 ] spldr           C:\Windows\system32\drivers\spldr.sys
20:52:40.0703 7484  spldr - ok
20:52:40.0711 7484  [ 85DAA09A98C9286D4EA2BA8D0E644377 ] Spooler         C:\Windows\System32\spoolsv.exe
20:52:40.0728 7484  Spooler - ok
20:52:40.0757 7484  [ E17E0188BB90FAE42D83E98707EFA59C ] sppsvc          C:\Windows\system32\sppsvc.exe
20:52:40.0816 7484  sppsvc - ok
20:52:40.0821 7484  [ 93D7D61317F3D4BC4F4E9F8A96A7DE45 ] sppuinotify     C:\Windows\system32\sppuinotify.dll
20:52:40.0848 7484  sppuinotify - ok
20:52:40.0856 7484  [ 441FBA48BFF01FDB9D5969EBC1838F0B ] srv             C:\Windows\system32\DRIVERS\srv.sys
20:52:40.0872 7484  srv - ok
20:52:40.0881 7484  [ B4ADEBBF5E3677CCE9651E0F01F7CC28 ] srv2            C:\Windows\system32\DRIVERS\srv2.sys
20:52:40.0894 7484  srv2 - ok
20:52:40.0900 7484  [ 27E461F0BE5BFF5FC737328F749538C3 ] srvnet          C:\Windows\system32\DRIVERS\srvnet.sys
20:52:40.0910 7484  srvnet - ok
20:52:40.0916 7484  [ 51B52FBD583CDE8AA9BA62B8B4298F33 ] SSDPSRV         C:\Windows\System32\ssdpsrv.dll
20:52:40.0944 7484  SSDPSRV - ok
20:52:40.0948 7484  [ AB7AEBF58DAD8DAAB7A6C45E6A8885CB ] SstpSvc         C:\Windows\system32\sstpsvc.dll
20:52:40.0975 7484  SstpSvc - ok
20:52:40.0978 7484  [ F3817967ED533D08327DC73BC4D5542A ] stexstor        C:\Windows\system32\drivers\stexstor.sys
20:52:40.0986 7484  stexstor - ok
20:52:40.0994 7484  [ 8DD52E8E6128F4B2DA92CE27402871C1 ] stisvc          C:\Windows\System32\wiaservc.dll
20:52:41.0014 7484  stisvc - ok
20:52:41.0017 7484  [ D01EC09B6711A5F8E7E6564A4D0FBC90 ] swenum          C:\Windows\system32\DRIVERS\swenum.sys
20:52:41.0024 7484  swenum - ok
20:52:41.0031 7484  [ E08E46FDD841B7184194011CA1955A0B ] swprv           C:\Windows\System32\swprv.dll
20:52:41.0065 7484  swprv - ok
20:52:41.0081 7484  [ BF9CCC0BF39B418C8D0AE8B05CF95B7D ] SysMain         C:\Windows\system32\sysmain.dll
20:52:41.0113 7484  SysMain - ok
20:52:41.0117 7484  [ E3C61FD7B7C2557E1F1B0B4CEC713585 ] TabletInputService C:\Windows\System32\TabSvc.dll
20:52:41.0132 7484  TabletInputService - ok
20:52:41.0139 7484  [ 40F0849F65D13EE87B9A9AE3C1DD6823 ] TapiSrv         C:\Windows\System32\tapisrv.dll
20:52:41.0169 7484  TapiSrv - ok
20:52:41.0173 7484  [ 1BE03AC720F4D302EA01D40F588162F6 ] TBS             C:\Windows\System32\tbssvc.dll
20:52:41.0200 7484  TBS - ok
20:52:41.0219 7484  [ 37608401DFDB388CAF66917F6B2D6FB0 ] Tcpip           C:\Windows\system32\drivers\tcpip.sys
20:52:41.0250 7484  Tcpip - ok
20:52:41.0268 7484  [ 37608401DFDB388CAF66917F6B2D6FB0 ] TCPIP6          C:\Windows\system32\DRIVERS\tcpip.sys
20:52:41.0294 7484  TCPIP6 - ok
20:52:41.0299 7484  [ 1B16D0BD9841794A6E0CDE0CEF744ABC ] tcpipreg        C:\Windows\system32\drivers\tcpipreg.sys
20:52:41.0309 7484  tcpipreg - ok
20:52:41.0313 7484  [ 3371D21011695B16333A3934340C4E7C ] TDPIPE          C:\Windows\system32\drivers\tdpipe.sys
20:52:41.0323 7484  TDPIPE - ok
20:52:41.0327 7484  [ 51C5ECEB1CDEE2468A1748BE550CFBC8 ] TDTCP           C:\Windows\system32\drivers\tdtcp.sys
20:52:41.0337 7484  TDTCP - ok
20:52:41.0341 7484  [ DDAD5A7AB24D8B65F8D724F5C20FD806 ] tdx             C:\Windows\system32\DRIVERS\tdx.sys
20:52:41.0367 7484  tdx - ok
20:52:41.0371 7484  [ 561E7E1F06895D78DE991E01DD0FB6E5 ] TermDD          C:\Windows\system32\DRIVERS\termdd.sys
20:52:41.0378 7484  TermDD - ok
20:52:41.0389 7484  [ 2E648163254233755035B46DD7B89123 ] TermService     C:\Windows\System32\termsrv.dll
20:52:41.0422 7484  TermService - ok
20:52:41.0425 7484  [ F0344071948D1A1FA732231785A0664C ] Themes          C:\Windows\system32\themeservice.dll
20:52:41.0439 7484  Themes - ok
20:52:41.0443 7484  [ E40E80D0304A73E8D269F7141D77250B ] THREADORDER     C:\Windows\system32\mmcss.dll
20:52:41.0469 7484  THREADORDER - ok
20:52:41.0472 7484  [ DBCC20C02E8A3E43B03C304A4E40A84F ] TPM             C:\Windows\system32\drivers\tpm.sys
20:52:41.0482 7484  TPM - ok
20:52:41.0487 7484  [ 7E7AFD841694F6AC397E99D75CEAD49D ] TrkWks          C:\Windows\System32\trkwks.dll
20:52:41.0514 7484  TrkWks - ok
20:52:41.0520 7484  [ 773212B2AAA24C1E31F10246B15B276C ] TrustedInstaller C:\Windows\servicing\TrustedInstaller.exe
20:52:41.0547 7484  TrustedInstaller - ok
20:52:41.0551 7484  [ CE18B2CDFC837C99E5FAE9CA6CBA5D30 ] tssecsrv        C:\Windows\system32\DRIVERS\tssecsrv.sys
20:52:41.0577 7484  tssecsrv - ok
20:52:41.0581 7484  [ D11C783E3EF9A3C52C0EBE83CC5000E9 ] TsUsbFlt        C:\Windows\system32\drivers\tsusbflt.sys
20:52:41.0591 7484  TsUsbFlt - ok
20:52:41.0594 7484  [ 9CC2CCAE8A84820EAECB886D477CBCB8 ] TsUsbGD         C:\Windows\system32\drivers\TsUsbGD.sys
20:52:41.0604 7484  TsUsbGD - ok
20:52:41.0608 7484  [ 3566A8DAAFA27AF944F5D705EAA64894 ] tunnel          C:\Windows\system32\DRIVERS\tunnel.sys
20:52:41.0633 7484  tunnel - ok
20:52:41.0637 7484  [ B4DD609BD7E282BFC683CEC7EAAAAD67 ] uagp35          C:\Windows\system32\drivers\uagp35.sys
20:52:41.0646 7484  uagp35 - ok
20:52:41.0659 7484  [ FF4232A1A64012BAA1FD97C7B67DF593 ] udfs            C:\Windows\system32\DRIVERS\udfs.sys
20:52:41.0688 7484  udfs - ok
20:52:41.0694 7484  [ 3CBDEC8D06B9968ABA702EBA076364A1 ] UI0Detect       C:\Windows\system32\UI0Detect.exe
20:52:41.0706 7484  UI0Detect - ok
20:52:41.0710 7484  [ 4BFE1BC28391222894CBF1E7D0E42320 ] uliagpkx        C:\Windows\system32\drivers\uliagpkx.sys
20:52:41.0718 7484  uliagpkx - ok
20:52:41.0721 7484  [ DC54A574663A895C8763AF0FA1FF7561 ] umbus           C:\Windows\system32\DRIVERS\umbus.sys
20:52:41.0731 7484  umbus - ok
20:52:41.0734 7484  [ B2E8E8CB557B156DA5493BBDDCC1474D ] UmPass          C:\Windows\system32\drivers\umpass.sys
20:52:41.0744 7484  UmPass - ok
20:52:41.0754 7484  [ 3C5405EF78576E8E4D791EB18F6856A8 ] UNS             C:\Program Files (x86)\Intel\Intel(R) Management Engine Components\UNS\UNS.exe
20:52:41.0766 7484  UNS - ok
20:52:41.0773 7484  [ D47EC6A8E81633DD18D2436B19BAF6DE ] upnphost        C:\Windows\System32\upnphost.dll
20:52:41.0803 7484  upnphost - ok
20:52:41.0808 7484  [ EBF228A52517042DE4F38A40285BC8D9 ] usbccgp         C:\Windows\system32\DRIVERS\usbccgp.sys
20:52:41.0819 7484  usbccgp - ok
20:52:41.0823 7484  [ AF0892A803FDDA7492F595368E3B68E7 ] usbcir          C:\Windows\system32\drivers\usbcir.sys
20:52:41.0835 7484  usbcir - ok
20:52:41.0838 7484  [ 6B3D5E6A9DA786EC755B00BC180C700B ] usbehci         C:\Windows\system32\DRIVERS\usbehci.sys
20:52:41.0849 7484  usbehci - ok
20:52:41.0856 7484  [ 94ABE9DA48E466BBE84C73E0C6652ED1 ] usbhub          C:\Windows\system32\DRIVERS\usbhub.sys
20:52:41.0870 7484  usbhub - ok
20:52:41.0873 7484  [ 660B2C08CE7103E71EAA26F85B0B0A56 ] usbohci         C:\Windows\system32\drivers\usbohci.sys
20:52:41.0883 7484  usbohci - ok
20:52:41.0888 7484  [ 73188F58FB384E75C4063D29413CEE3D ] usbprint        C:\Windows\system32\drivers\usbprint.sys
20:52:41.0901 7484  usbprint - ok
20:52:41.0904 7484  [ FED648B01349A3C8395A5169DB5FB7D6 ] USBSTOR         C:\Windows\system32\DRIVERS\USBSTOR.SYS
20:52:41.0916 7484  USBSTOR - ok
20:52:41.0919 7484  [ 1529632FC96032D337B298F8A285D640 ] usbuhci         C:\Windows\system32\drivers\usbuhci.sys
20:52:41.0927 7484  usbuhci - ok
20:52:41.0933 7484  [ 454800C2BC7F3927CE030141EE4F4C50 ] usbvideo        C:\Windows\system32\Drivers\usbvideo.sys
20:52:41.0947 7484  usbvideo - ok
20:52:41.0951 7484  [ 70D05EE263568A742D14E1876DF80532 ] usb_rndisx      C:\Windows\system32\DRIVERS\usb8023x.sys
20:52:41.0961 7484  usb_rndisx - ok
20:52:41.0965 7484  [ EDBB23CBCF2CDF727D64FF9B51A6070E ] UxSms           C:\Windows\System32\uxsms.dll
20:52:41.0992 7484  UxSms - ok
20:52:41.0996 7484  [ C118A82CD78818C29AB228366EBF81C3 ] VaultSvc        C:\Windows\system32\lsass.exe
20:52:42.0005 7484  VaultSvc - ok
20:52:42.0008 7484  [ C5C876CCFC083FF3B128F933823E87BD ] vdrvroot        C:\Windows\system32\drivers\vdrvroot.sys
20:52:42.0016 7484  vdrvroot - ok
20:52:42.0024 7484  [ 8D6B481601D01A456E75C3210F1830BE ] vds             C:\Windows\System32\vds.exe
20:52:42.0056 7484  vds - ok
20:52:42.0059 7484  [ DA4DA3F5E02943C2DC8C6ED875DE68DD ] vga             C:\Windows\system32\DRIVERS\vgapnp.sys
20:52:42.0070 7484  vga - ok
20:52:42.0073 7484  [ 53E92A310193CB3C03BEA963DE7D9CFC ] VgaSave         C:\Windows\System32\drivers\vga.sys
20:52:42.0099 7484  VgaSave - ok
20:52:42.0105 7484  [ 2CE2DF28C83AEAF30084E1B1EB253CBB ] vhdmp           C:\Windows\system32\drivers\vhdmp.sys
20:52:42.0115 7484  vhdmp - ok
20:52:42.0118 7484  [ E5689D93FFE4E5D66C0178761240DD54 ] viaide          C:\Windows\system32\drivers\viaide.sys
20:52:42.0126 7484  viaide - ok
20:52:42.0130 7484  [ D2AAFD421940F640B407AEFAAEBD91B0 ] volmgr          C:\Windows\system32\drivers\volmgr.sys
20:52:42.0138 7484  volmgr - ok
20:52:42.0145 7484  [ A255814907C89BE58B79EF2F189B843B ] volmgrx         C:\Windows\system32\drivers\volmgrx.sys
20:52:42.0157 7484  volmgrx - ok
20:52:42.0163 7484  [ DF8126BD41180351A093A3AD2FC8903B ] volsnap         C:\Windows\system32\drivers\volsnap.sys
20:52:42.0174 7484  volsnap - ok
20:52:42.0179 7484  [ 5E2016EA6EBACA03C04FEAC5F330D997 ] vsmraid         C:\Windows\system32\drivers\vsmraid.sys
20:52:42.0189 7484  vsmraid - ok
20:52:42.0205 7484  [ B60BA0BC31B0CB414593E169F6F21CC2 ] VSS             C:\Windows\system32\vssvc.exe
20:52:42.0247 7484  VSS - ok
20:52:42.0250 7484  [ 36D4720B72B5C5D9CB2B9C29E9DF67A1 ] vwifibus        C:\Windows\system32\DRIVERS\vwifibus.sys
20:52:42.0262 7484  vwifibus - ok
20:52:42.0265 7484  [ 6A3D66263414FF0D6FA754C646612F3F ] vwififlt        C:\Windows\system32\DRIVERS\vwififlt.sys
20:52:42.0279 7484  vwififlt - ok
20:52:42.0282 7484  [ 6A638FC4BFDDC4D9B186C28C91BD1A01 ] vwifimp         C:\Windows\system32\DRIVERS\vwifimp.sys
20:52:42.0295 7484  vwifimp - ok
20:52:42.0302 7484  [ 1C9D80CC3849B3788048078C26486E1A ] W32Time         C:\Windows\system32\w32time.dll
20:52:42.0334 7484  W32Time - ok
20:52:42.0338 7484  [ 4E9440F4F152A7B944CB1663D3935A3E ] WacomPen        C:\Windows\system32\drivers\wacompen.sys
20:52:42.0348 7484  WacomPen - ok
20:52:42.0352 7484  [ 356AFD78A6ED4457169241AC3965230C ] WANARP          C:\Windows\system32\DRIVERS\wanarp.sys
20:52:42.0378 7484  WANARP - ok
20:52:42.0382 7484  [ 356AFD78A6ED4457169241AC3965230C ] Wanarpv6        C:\Windows\system32\DRIVERS\wanarp.sys
20:52:42.0407 7484  Wanarpv6 - ok
20:52:42.0422 7484  [ 3CEC96DE223E49EAAE3651FCF8FAEA6C ] WatAdminSvc     C:\Windows\system32\Wat\WatAdminSvc.exe
20:52:42.0445 7484  WatAdminSvc - ok
20:52:42.0461 7484  [ 78F4E7F5C56CB9716238EB57DA4B6A75 ] wbengine        C:\Windows\system32\wbengine.exe
20:52:42.0487 7484  wbengine - ok
20:52:42.0492 7484  [ 3AA101E8EDAB2DB4131333F4325C76A3 ] WbioSrvc        C:\Windows\System32\wbiosrvc.dll
20:52:42.0508 7484  WbioSrvc - ok
20:52:42.0516 7484  [ 7368A2AFD46E5A4481D1DE9D14848EDD ] wcncsvc         C:\Windows\System32\wcncsvc.dll
20:52:42.0536 7484  wcncsvc - ok
20:52:42.0539 7484  [ 20F7441334B18CEE52027661DF4A6129 ] WcsPlugInService C:\Windows\System32\WcsPlugInService.dll
20:52:42.0550 7484  WcsPlugInService - ok
20:52:42.0552 7484  [ 72889E16FF12BA0F235467D6091B17DC ] Wd              C:\Windows\system32\drivers\wd.sys
20:52:42.0560 7484  Wd - ok
20:52:42.0570 7484  [ 442783E2CB0DA19873B7A63833FF4CB4 ] Wdf01000        C:\Windows\system32\drivers\Wdf01000.sys
20:52:42.0588 7484  Wdf01000 - ok
20:52:42.0592 7484  [ BF1FC3F79B863C914687A737C2F3D681 ] WdiServiceHost  C:\Windows\system32\wdi.dll
20:52:42.0627 7484  WdiServiceHost - ok
20:52:42.0629 7484  [ BF1FC3F79B863C914687A737C2F3D681 ] WdiSystemHost   C:\Windows\system32\wdi.dll
20:52:42.0642 7484  WdiSystemHost - ok
20:52:42.0649 7484  [ 3DB6D04E1C64272F8B14EB8BC4616280 ] WebClient       C:\Windows\System32\webclnt.dll
20:52:42.0699 7484  WebClient - ok
20:52:42.0714 7484  [ C749025A679C5103E575E3B48E092C43 ] Wecsvc          C:\Windows\system32\wecsvc.dll
20:52:42.0807 7484  Wecsvc - ok
20:52:42.0816 7484  [ 7E591867422DC788B9E5BD337A669A08 ] wercplsupport   C:\Windows\System32\wercplsupport.dll
20:52:42.0915 7484  wercplsupport - ok
20:52:42.0925 7484  [ 6D137963730144698CBD10F202E9F251 ] WerSvc          C:\Windows\System32\WerSvc.dll
20:52:43.0015 7484  WerSvc - ok
20:52:43.0023 7484  [ 611B23304BF067451A9FDEE01FBDD725 ] WfpLwf          C:\Windows\system32\DRIVERS\wfplwf.sys
20:52:43.0106 7484  WfpLwf - ok
20:52:43.0118 7484  [ 52DED146E4797E6CCF94799E8E22BB2A ] WimFltr         C:\Windows\system32\DRIVERS\wimfltr.sys
20:52:43.0149 7484  WimFltr - ok
20:52:43.0157 7484  [ 05ECAEC3E4529A7153B3136CEB49F0EC ] WIMMount        C:\Windows\system32\drivers\wimmount.sys
20:52:43.0180 7484  WIMMount - ok
20:52:43.0191 7484  WinDefend - ok
20:52:43.0209 7484  WinHttpAutoProxySvc - ok
20:52:43.0233 7484  [ 19B07E7E8915D701225DA41CB3877306 ] Winmgmt         C:\Windows\system32\wbem\WMIsvc.dll
20:52:43.0322 7484  Winmgmt - ok
20:52:43.0367 7484  [ BCB1310604AA415C4508708975B3931E ] WinRM           C:\Windows\system32\WsmSvc.dll
20:52:43.0502 7484  WinRM - ok
20:52:43.0520 7484  [ FE88B288356E7B47B74B13372ADD906D ] WinUsb          C:\Windows\system32\DRIVERS\WinUSB.sys
20:52:43.0554 7484  WinUsb - ok
20:52:43.0579 7484  [ 4FADA86E62F18A1B2F42BA18AE24E6AA ] Wlansvc         C:\Windows\System32\wlansvc.dll
20:52:43.0644 7484  Wlansvc - ok
20:52:43.0659 7484  [ 06C8FA1CF39DE6A735B54D906BA791C6 ] wlcrasvc        C:\Program Files\Windows Live\Mesh\wlcrasvc.exe
20:52:43.0679 7484  wlcrasvc - ok
20:52:43.0727 7484  [ 2BACD71123F42CEA603F4E205E1AE337 ] wlidsvc         C:\Program Files\Common Files\Microsoft Shared\Windows Live\WLIDSVC.EXE
20:52:43.0830 7484  wlidsvc - ok
20:52:43.0840 7484  [ F6FF8944478594D0E414D3F048F0D778 ] WmiAcpi         C:\Windows\system32\DRIVERS\wmiacpi.sys
20:52:43.0866 7484  WmiAcpi - ok
20:52:43.0883 7484  [ 38B84C94C5A8AF291ADFEA478AE54F93 ] wmiApSrv        C:\Windows\system32\wbem\WmiApSrv.exe
20:52:43.0919 7484  wmiApSrv - ok
20:52:43.0927 7484  WMPNetworkSvc - ok
20:52:43.0938 7484  [ 96C6E7100D724C69FCF9E7BF590D1DCA ] WPCSvc          C:\Windows\System32\wpcsvc.dll
20:52:43.0968 7484  WPCSvc - ok
20:52:43.0978 7484  [ 93221146D4EBBF314C29B23CD6CC391D ] WPDBusEnum      C:\Windows\system32\wpdbusenum.dll
20:52:44.0014 7484  WPDBusEnum - ok
20:52:44.0023 7484  [ 6BCC1D7D2FD2453957C5479A32364E52 ] ws2ifsl         C:\Windows\system32\drivers\ws2ifsl.sys
20:52:44.0106 7484  ws2ifsl - ok
20:52:44.0117 7484  [ E8B1FE6669397D1772D8196DF0E57A9E ] wscsvc          C:\Windows\System32\wscsvc.dll
20:52:44.0161 7484  wscsvc - ok
20:52:44.0169 7484  WSearch - ok
20:52:44.0229 7484  [ D9EF901DCA379CFE914E9FA13B73B4C4 ] wuauserv        C:\Windows\system32\wuaueng.dll
20:52:44.0344 7484  wuauserv - ok
20:52:44.0355 7484  [ AB886378EEB55C6C75B4F2D14B6C869F ] WudfPf          C:\Windows\system32\drivers\WudfPf.sys
20:52:44.0385 7484  WudfPf - ok
20:52:44.0400 7484  [ DDA4CAF29D8C0A297F886BFE561E6659 ] WUDFRd          C:\Windows\system32\DRIVERS\WUDFRd.sys
20:52:44.0433 7484  WUDFRd - ok
20:52:44.0443 7484  [ B20F051B03A966392364C83F009F7D17 ] wudfsvc         C:\Windows\System32\WUDFSvc.dll
20:52:44.0475 7484  wudfsvc - ok
20:52:44.0489 7484  [ 9A3452B3C2A46C073166C5CF49FAD1AE ] WwanSvc         C:\Windows\System32\wwansvc.dll
20:52:44.0537 7484  WwanSvc - ok
20:52:44.0597 7484  [ 118C018DF1C53B94F8C06D2CABBBDA52 ] ZeroConfigService C:\Program Files\Intel\WiFi\bin\ZeroConfigService.exe
20:52:44.0713 7484  ZeroConfigService - ok
20:52:44.0752 7484  ================ Scan global ===============================
20:52:44.0759 7484  [ BA0CD8C393E8C9F83354106093832C7B ] C:\Windows\system32\basesrv.dll
20:52:44.0773 7484  [ 9E479C2B605C25DA4971ABA36250FAEF ] C:\Windows\system32\winsrv.dll
20:52:44.0790 7484  [ 9E479C2B605C25DA4971ABA36250FAEF ] C:\Windows\system32\winsrv.dll
20:52:44.0802 7484  [ D6160F9D869BA3AF0B787F971DB56368 ] C:\Windows\system32\sxssrv.dll
20:52:44.0818 7484  [ 24ACB7E5BE595468E3B9AA488B9B4FCB ] C:\Windows\system32\services.exe
20:52:44.0828 7484  [Global] - ok
20:52:44.0830 7484  ================ Scan MBR ==================================
20:52:44.0835 7484  [ 5FB38429D5D77768867C76DCBDB35194 ] \Device\Harddisk0\DR0
20:52:44.0907 7484  \Device\Harddisk0\DR0 - ok
20:52:44.0908 7484  ================ Scan VBR ==================================
20:52:44.0914 7484  [ C0CA64F5F1B5FEE746FC6A9120F779A3 ] \Device\Harddisk0\DR0\Partition1
20:52:44.0916 7484  \Device\Harddisk0\DR0\Partition1 - ok
20:52:44.0922 7484  [ F95C6499DB28041210DAD54F30FD7FFC ] \Device\Harddisk0\DR0\Partition2
20:52:44.0923 7484  \Device\Harddisk0\DR0\Partition2 - ok
20:52:44.0932 7484  [ 5CBDD8F0E6C8B9CE8E0824A78CE12390 ] \Device\Harddisk0\DR0\Partition3
20:52:44.0936 7484  \Device\Harddisk0\DR0\Partition3 - ok
20:52:44.0941 7484  [ B1E27AA018409DE6BFD73F8AFB883A65 ] \Device\Harddisk0\DR0\Partition4
20:52:44.0941 7484  \Device\Harddisk0\DR0\Partition4 - ok
20:52:44.0950 7484  [ 6D7B821B369AA6D4A14C04BD91AD2B64 ] \Device\Harddisk0\DR0\Partition5
20:52:44.0953 7484  \Device\Harddisk0\DR0\Partition5 - ok
20:52:44.0962 7484  [ C5C62BE79BF58E4A24EDCA267A9D449C ] \Device\Harddisk0\DR0\Partition6
20:52:44.0965 7484  \Device\Harddisk0\DR0\Partition6 - ok
20:52:44.0966 7484  ============================================================
20:52:44.0966 7484  Scan finished
20:52:44.0966 7484  ============================================================
20:52:44.0991 9140  Detected object count: 3
20:52:44.0991 9140  Actual detected object count: 3
20:53:06.0358 9140  btmhsf ( UnsignedFile.Multi.Generic ) - skipped by user
20:53:06.0358 9140  btmhsf ( UnsignedFile.Multi.Generic ) - User select action: Skip 
20:53:06.0363 9140  ibtfltcoex ( UnsignedFile.Multi.Generic ) - skipped by user
20:53:06.0363 9140  ibtfltcoex ( UnsignedFile.Multi.Generic ) - User select action: Skip 
20:53:06.0365 9140  PST Service ( UnsignedFile.Multi.Generic ) - skipped by user
20:53:06.0365 9140  PST Service ( UnsignedFile.Multi.Generic ) - User select action: Skip
         
However, I have not used OTLPENet.exe yet. Should I download it and burn the image?

EDIT2: The download of OTLPENet.exe from geekstogo has now been sitting at 0% for about 15 minutes. ISO Burner cannot be found on filepony at all. Can I use Nero, for example? Assuming I can still get hold of OTLPENet.exe somehow?

Edited by LTB666 (16.01.2013 at 20:38). Reason: postscript added

Alt 16.01.2013, 21:37   #7
markusg
/// Malware-holic
 



Hi,
no, you don't need to download it; I hadn't edited the post properly.
Combofix:
Combofix may only be run when a team member has instructed you to do so!
It should never be run on your own initiative! Incorrect use can cause serious computer problems and make cleaning up the infection even harder.
Please download Combofix from one of these download mirrors:

Link 1
Link 2


IMPORTANT - Save Combofix to your desktop
  • Please disable all your antivirus and anti-malware/spyware scanners. They can interfere with Combofix while it works.
Start Combofix.exe and follow the on-screen instructions.

When Combofix has finished, it will create a log file. Please post C:\Combofix.txt in your next reply.


Note: If you get the following error message after the restart
Quote:
Es wurde versucht, einen Registrierungsschlüssel einem ungültigen Vorgang zu unterziehen, der zum Löschen markiert wurde.
simply restart the computer. That should fix the problem.

Alt 16.01.2013, 21:38   #8
LTB666
 



combofix.txt:
Code:
ATTFilter
ComboFix 13-01-16.01 - *** 16.01.2013  22:46:14.1.4 - x64
Microsoft Windows 7 Home Premium   6.1.7601.1.1252.49.1031.18.3982.980 [GMT 1:00]
ausgeführt von:: c:\users\***\Desktop\ComboFix.exe
AV: AVG Anti-Virus Free Edition 2013 *Disabled/Updated* {0E9420C4-06B3-7FA0-3AB1-6E49CB52ECD9}
SP: AVG Anti-Virus Free Edition 2013 *Disabled/Updated* {B5F5C120-2089-702E-0001-553BB0D5A664}
SP: Windows Defender *Disabled/Updated* {D68DDC3A-831F-4fae-9E44-DA132C1ACF46}
.
.
((((((((((((((((((((((((((((((((((((   Weitere Löschungen   ))))))))))))))))))))))))))))))))))))))))))))))))
.
.
c:\programdata\FullRemove.exe
c:\programdata\Roaming
c:\users\***\Desktop\Internet Explorer.lnk
c:\users\Public\sdelevURL.tmp
c:\windows\msvcr71.dll
c:\windows\SysWow64\pt
c:\windows\SysWow64\pt\AuthFWSnapIn.Resources.dll
c:\windows\SysWow64\pt\AuthFWWizFwk.Resources.dll
.
.
(((((((((((((((((((((((   Dateien erstellt von 2012-12-16 bis 2013-01-16  ))))))))))))))))))))))))))))))
.
.
2013-01-16 21:50 . 2013-01-16 21:50	--------	d-----w-	c:\users\Default\AppData\Local\temp
2013-01-16 18:35 . 2013-01-16 18:38	--------	d-----w-	C:\_OTL
2013-01-16 00:53 . 2013-01-16 00:53	--------	d-----w-	c:\users\***\AppData\Roaming\Malwarebytes
2013-01-16 00:52 . 2013-01-16 00:52	--------	d-----w-	c:\programdata\Malwarebytes
2013-01-16 00:52 . 2012-12-14 15:49	24176	----a-w-	c:\windows\system32\drivers\mbam.sys
2013-01-16 00:51 . 2013-01-16 00:51	--------	d-----w-	c:\users\***\AppData\Local\Programs
2013-01-15 20:47 . 2013-01-15 20:47	--------	d-----w-	c:\program files (x86)\ESET
2013-01-10 17:10 . 2013-01-10 17:10	--------	d-----w-	c:\users\Default\AppData\Roaming\TuneUp Software
2013-01-09 19:46 . 2012-11-09 05:45	750592	----a-w-	c:\windows\system32\win32spl.dll
2013-01-09 19:46 . 2012-11-09 04:43	492032	----a-w-	c:\windows\SysWow64\win32spl.dll
2013-01-09 19:46 . 2012-11-01 05:43	2002432	----a-w-	c:\windows\system32\msxml6.dll
2013-01-09 19:43 . 2012-11-30 05:41	424448	----a-w-	c:\windows\system32\KernelBase.dll
2013-01-08 00:13 . 2013-01-08 00:13	308200	----a-w-	c:\windows\system32\javaws.exe
2013-01-08 00:13 . 2013-01-08 00:13	188392	----a-w-	c:\windows\system32\javaw.exe
2013-01-08 00:13 . 2013-01-08 00:13	188392	----a-w-	c:\windows\system32\java.exe
2013-01-08 00:13 . 2013-01-08 00:13	108008	----a-w-	c:\windows\system32\WindowsAccessBridge-64.dll
2013-01-08 00:12 . 2013-01-08 00:12	--------	d-----w-	c:\program files (x86)\Common Files\Java
2013-01-08 00:11 . 2013-01-08 00:11	95184	----a-w-	c:\windows\SysWow64\WindowsAccessBridge-32.dll
2013-01-08 00:11 . 2013-01-08 00:11	--------	d-----w-	c:\program files (x86)\Java
2013-01-07 23:59 . 2013-01-07 23:59	--------	d-----w-	c:\programdata\Diving Log
2013-01-07 23:47 . 2013-01-07 23:47	--------	d-----w-	c:\users\***\AppData\Roaming\OSTC
2013-01-06 00:52 . 2013-01-06 00:53	--------	d-----w-	c:\users\***\AppData\Roaming\.minecraft
2012-12-28 16:17 . 2012-12-28 16:17	--------	d-----w-	c:\programdata\Motorola
2012-12-28 16:07 . 2013-01-16 18:36	--------	d-----w-	C:\Temp
2012-12-28 16:07 . 2012-12-28 16:07	--------	d-----w-	c:\users\***\AppData\Roaming\Motorola Mobility
2012-12-28 16:06 . 2012-12-28 16:07	--------	d-----w-	c:\program files (x86)\Motorola Mobility
2012-12-28 16:06 . 2012-12-28 16:06	--------	d-----w-	c:\program files (x86)\Motorola
2012-12-28 16:06 . 2012-12-28 16:06	--------	d-----w-	c:\program files (x86)\MSXML 4.0
2012-12-28 16:06 . 2012-12-28 16:06	--------	d-----w-	c:\program files\Motorola Inc
2012-12-28 16:06 . 2012-12-28 16:06	--------	d-----w-	c:\program files\Common Files\Motorola Shared
2012-12-28 16:04 . 2012-12-28 16:04	--------	d-----w-	c:\users\***\AppData\Roaming\Motorola
2012-12-28 15:29 . 2012-12-28 17:08	--------	d-----w-	c:\users\***\AppData\Roaming\MyPhoneExplorer
2012-12-24 11:49 . 2012-12-16 17:11	46080	----a-w-	c:\windows\system32\atmlib.dll
2012-12-24 11:49 . 2012-12-16 14:45	367616	----a-w-	c:\windows\system32\atmfd.dll
2012-12-24 11:49 . 2012-12-16 14:13	295424	----a-w-	c:\windows\SysWow64\atmfd.dll
2012-12-24 11:49 . 2012-12-16 14:13	34304	----a-w-	c:\windows\SysWow64\atmlib.dll
2012-12-20 18:22 . 2012-11-09 04:42	2048	----a-w-	c:\windows\SysWow64\tzres.dll
2012-12-20 18:22 . 2012-11-09 05:45	2048	----a-w-	c:\windows\system32\tzres.dll
2012-12-20 18:22 . 2012-11-02 05:59	478208	----a-w-	c:\windows\system32\dpnet.dll
2012-12-20 18:22 . 2012-11-02 05:11	376832	----a-w-	c:\windows\SysWow64\dpnet.dll
.
.
.
((((((((((((((((((((((((((((((((((((   Find3M Bericht   ))))))))))))))))))))))))))))))))))))))))))))))))))))))
.
2013-01-16 18:36 . 2012-06-20 23:33	440	----a-w-	c:\users\***\AppData\Roaming\sp_data.sys
2013-01-13 22:09 . 2012-06-21 16:22	67599240	----a-w-	c:\windows\system32\MRT.exe
2013-01-09 20:21 . 2012-07-07 04:01	74248	----a-w-	c:\windows\SysWow64\FlashPlayerCPLApp.cpl
2013-01-09 20:21 . 2012-07-07 04:01	697864	----a-w-	c:\windows\SysWow64\FlashPlayerApp.exe
2013-01-08 00:13 . 2012-11-03 23:26	959976	----a-w-	c:\windows\system32\deployJava1.dll
2013-01-08 00:13 . 2012-11-03 23:26	1081320	----a-w-	c:\windows\system32\npDeployJava1.dll
2013-01-08 00:11 . 2012-11-03 23:29	859072	----a-w-	c:\windows\SysWow64\npDeployJava1.dll
2013-01-08 00:11 . 2012-11-03 23:29	779704	----a-w-	c:\windows\SysWow64\deployJava1.dll
2012-11-30 04:45 . 2013-01-09 19:43	44032	----a-w-	c:\windows\apppatch\acwow64.dll
2012-11-15 22:33 . 2012-11-15 22:33	111968	----a-w-	c:\windows\system32\drivers\avgmfx64.sys
2012-11-08 10:29 . 2012-11-08 10:29	1402312	----a-w-	c:\windows\SysWow64\msxml4.dll
2012-10-22 12:02 . 2012-10-22 12:02	154464	----a-w-	c:\windows\system32\drivers\avgidsdrivera.sys
.
.
((((((((((((((((((((((((((((   Autostartpunkte der Registrierung   ))))))))))))))))))))))))))))))))))))))))
.
.
*Hinweis* leere Einträge & legitime Standardeinträge werden nicht angezeigt. 
REGEDIT4
.
[HKEY_LOCAL_MACHINE\software\wow6432node\microsoft\windows\currentversion\explorer\shelliconoverlayidentifiers\DropboxExt1]
@="{FB314ED9-A251-47B7-93E1-CDD82E34AF8B}"
[HKEY_CLASSES_ROOT\CLSID\{FB314ED9-A251-47B7-93E1-CDD82E34AF8B}]
2012-11-13 23:32	129272	----a-w-	c:\users\***\AppData\Roaming\Dropbox\bin\DropboxExt.17.dll
.
[HKEY_LOCAL_MACHINE\software\wow6432node\microsoft\windows\currentversion\explorer\shelliconoverlayidentifiers\DropboxExt2]
@="{FB314EDA-A251-47B7-93E1-CDD82E34AF8B}"
[HKEY_CLASSES_ROOT\CLSID\{FB314EDA-A251-47B7-93E1-CDD82E34AF8B}]
2012-11-13 23:32	129272	----a-w-	c:\users\***\AppData\Roaming\Dropbox\bin\DropboxExt.17.dll
.
[HKEY_LOCAL_MACHINE\software\wow6432node\microsoft\windows\currentversion\explorer\shelliconoverlayidentifiers\DropboxExt3]
@="{FB314EDB-A251-47B7-93E1-CDD82E34AF8B}"
[HKEY_CLASSES_ROOT\CLSID\{FB314EDB-A251-47B7-93E1-CDD82E34AF8B}]
2012-11-13 23:32	129272	----a-w-	c:\users\***\AppData\Roaming\Dropbox\bin\DropboxExt.17.dll
.
[HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"Sidebar"="c:\program files\Windows Sidebar\sidebar.exe" [2010-11-20 1475584]
"Skype"="c:\program files (x86)\Skype\Phone\Skype.exe" [2012-11-09 17877168]
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Wow6432Node\Microsoft\Windows\CurrentVersion\Run]
"Adobe Reader Speed Launcher"="c:\program files (x86)\Adobe\Reader 10.0\Reader\Reader_sl.exe" [2012-12-18 38112]
"Adobe ARM"="c:\program files (x86)\Common Files\Adobe\ARM\1.0\AdobeARM.exe" [2012-12-03 946352]
"ASUSPRP"="c:\program files (x86)\ASUS\APRP\APRP.EXE" [2012-02-24 3331312]
"ASUSWebStorage"="c:\program files (x86)\ASUS\ASUS WebStorage\3.0.108.222\AsusWSPanel.exe" [2011-07-29 737104]
"USB3MON"="c:\program files (x86)\Intel\Intel(R) USB 3.0 eXtensible Host Controller Driver\Application\iusb3mon.exe" [2012-03-26 291608]
"Wireless Console 3"="c:\program files (x86)\ASUS\Wireless Console 3\wcourier.exe" [2012-02-02 2321072]
"ACMON"="c:\program files (x86)\ASUS\Splendid\ACMON.exe" [2012-02-21 102568]
"ASUS Screen Saver Protector"="c:\windows\AsScrPro.exe" [2012-06-02 3058304]
"ATKOSD2"="c:\program files (x86)\ASUS\ATK Package\ATKOSD2\ATKOSD2.exe" [2010-08-17 5732992]
"ATKMEDIA"="c:\program files (x86)\ASUS\ATK Package\ATK Media\DMedia.exe" [2010-10-07 170624]
"HControlUser"="c:\program files (x86)\ASUS\ATK Package\ATK Hotkey\HControlUser.exe" [2009-06-19 105016]
"AVG_UI"="c:\program files (x86)\AVG\AVG2013\avgui.exe" [2012-12-11 3147384]
.
c:\users\***\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Startup\
Dropbox.lnk - c:\users\***\AppData\Roaming\Dropbox\bin\Dropbox.exe [2012-12-22 28538560]
.
c:\programdata\Microsoft\Windows\Start Menu\Programs\Startup\
AsusVibeLauncher.lnk - c:\program files (x86)\ASUS\AsusVibe\AsusVibeLauncher.exe [2012-2-24 549040]
.
[HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\policies\system]
"ConsentPromptBehaviorAdmin"= 5 (0x5)
"ConsentPromptBehaviorUser"= 3 (0x3)
"EnableUIADesktopToggle"= 0 (0x0)
.
[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\MCODS]
@=""
.
R2 AVGIDSAgent;AVGIDSAgent;c:\program files (x86)\AVG\AVG2013\avgidsagent.exe [2012-11-15 5814904]
R2 clr_optimization_v4.0.30319_64;Microsoft .NET Framework NGEN v4.0.30319_X64;c:\windows\Microsoft.NET\Framework64\v4.0.30319\mscorsvw.exe [2010-03-18 138576]
R2 SkypeUpdate;Skype Updater;c:\program files (x86)\Skype\Updater\Updater.exe [2012-11-09 160944]
R3 AMPPALP;Intel® Centrino® Wireless Bluetooth® + High Speed Protocol;c:\windows\system32\DRIVERS\amppal.sys [2012-01-09 195584]
R3 AX88772B;ASIX AX88772B USB2.0 to Fast Ethernet Adapter;c:\windows\system32\DRIVERS\ax88772b.sys [2012-04-05 110592]
R3 BTCFilterService;USB Networking Driver Filter Service;c:\windows\system32\DRIVERS\motfilt.sys [2009-01-29 6144]
R3 btmhsf;btmhsf;c:\windows\system32\DRIVERS\btmhsf.sys [2012-02-13 747008]
R3 ibtfltcoex;ibtfltcoex;c:\windows\system32\DRIVERS\iBtFltCoex.sys [2012-03-21 60928]
R3 intaud_WaveExtensible;Intel WiDi Audio Device;c:\windows\system32\drivers\intelaud.sys [2012-01-27 34200]
R3 L1C;NDIS Miniport Driver for Atheros AR8131/AR8132 PCI-E Ethernet Controller (NDIS 6.20);c:\windows\system32\DRIVERS\L1C62x64.sys [2009-06-10 57344]
R3 motandroidusb;Mot ADB Interface Driver;c:\windows\system32\Drivers\motoandroid.sys [2009-07-10 31744]
R3 motccgp;Motorola USB Composite Device Driver;c:\windows\system32\DRIVERS\motccgp.sys [2012-06-11 22016]
R3 motccgpfl;MotCcgpFlService;c:\windows\system32\DRIVERS\motccgpfl.sys [2012-01-25 9728]
R3 Motousbnet;Motorola USB Networking Driver Service;c:\windows\system32\DRIVERS\Motousbnet.sys [2012-06-08 27136]
R3 MyWiFiDHCPDNS;Wireless PAN DHCP Server;c:\program files\Intel\WiFi\bin\PanDhcpDns.exe [2012-03-29 273168]
R3 RSUSBVSTOR;RTSUVSTOR.Sys Realtek USB Card Reader;c:\windows\system32\Drivers\RTSUVSTOR.sys [2011-03-15 311400]
R3 SiSGbeLH;SiS191/SiS190 Ethernet Device NDIS 6.0 Driver;c:\windows\system32\DRIVERS\SiSG664.sys [2009-06-10 56832]
R3 TsUsbFlt;TsUsbFlt;c:\windows\system32\drivers\tsusbflt.sys [2010-11-20 59392]
R3 TsUsbGD;Remote Desktop Generic USB Device;c:\windows\system32\drivers\TsUsbGD.sys [2010-11-20 31232]
R3 WatAdminSvc;Windows-Aktivierungstechnologieservice;c:\windows\system32\Wat\WatAdminSvc.exe [2012-09-26 1255736]
R4 wlcrasvc;Windows Live Mesh remote connections service;c:\program files\Windows Live\Mesh\wlcrasvc.exe [2010-09-23 57184]
S0 AVGIDSHA;AVGIDSHA;c:\windows\system32\DRIVERS\avgidsha.sys [2012-10-15 63328]
S0 Avgloga;AVG Logging Driver;c:\windows\system32\DRIVERS\avgloga.sys [2012-09-21 225120]
S0 Avgmfx64;AVG Mini-Filter Resident Anti-Virus Shield;c:\windows\system32\DRIVERS\avgmfx64.sys [2012-11-15 111968]
S0 Avgrkx64;AVG Anti-Rootkit Driver;c:\windows\system32\DRIVERS\avgrkx64.sys [2012-09-14 40800]
S0 iusb3hcs;Intel(R) USB 3.0 Host Controller Switch Driver;c:\windows\system32\DRIVERS\iusb3hcs.sys [2012-03-26 19224]
S1 ATKWMIACPIIO;ATKWMIACPI Driver;c:\program files (x86)\ASUS\ATK Package\ATK WMIACPI\atkwmiacpi64.sys [2011-05-25 17536]
S1 AVGIDSDriver;AVGIDSDriver;c:\windows\system32\DRIVERS\avgidsdrivera.sys [2012-10-22 154464]
S1 Avgldx64;AVG AVI Loader Driver;c:\windows\system32\DRIVERS\avgldx64.sys [2012-10-02 185696]
S1 Avgtdia;AVG TDI Driver;c:\windows\system32\DRIVERS\avgtdia.sys [2012-09-21 200032]
S2 AMPPALR3;Intel® Centrino® Wireless Bluetooth® + High Speed Service;c:\program files\Intel\BluetoothHS\BTHSAmpPalService.exe [2012-01-09 659968]
S2 ASMMAP64;ASMMAP64;c:\program files (x86)\ASUS\ATK Package\ATKGFNEX\ASMMAP64.sys [2009-07-02 15416]
S2 ASUS InstantOn;ASUS InstantOn Service;c:\program files (x86)\ASUS\InstantOn for NB\InsOnSrv.exe [2012-04-13 277120]
S2 avgwd;AVG WatchDog;c:\program files (x86)\AVG\AVG2013\avgwdsvc.exe [2012-10-22 196664]
S2 Bluetooth Device Monitor;Bluetooth Device Monitor;c:\program files (x86)\Intel\Bluetooth\devmonsrv.exe [2012-03-27 1014096]
S2 Bluetooth OBEX Service;Bluetooth OBEX Service;c:\program files (x86)\Intel\Bluetooth\obexsrv.exe [2012-03-27 1104208]
S2 BTHSSecurityMgr;Intel(R) Centrino(R) Wireless Bluetooth(R) + High Speed Security Service;c:\program files\Intel\BluetoothHS\BTHSSecurityMgr.exe [2012-01-17 135952]
S2 DptfParticipantProcessorService;Intel(R) Dynamic Platform & Thermal Framework Processor Participant Service Application;c:\windows\SysWOW64\DptfParticipantProcessorService.exe [2012-02-20 18944]
S2 DptfPolicyConfigTDPService;Intel(R) Dynamic Platform & Thermal Framework Config TDP Service Application;c:\windows\SysWOW64\DptfPolicyConfigTDPService.exe [2012-02-20 19968]
S2 Intel(R) Capability Licensing Service Interface;Intel(R) Capability Licensing Service Interface;c:\program files\Intel\iCLS Client\HeciServer.exe [2012-02-03 628448]
S2 Intel(R) ME Service;Intel(R) ME Service;c:\program files (x86)\Intel\Intel(R) Management Engine Components\FWService\IntelMeFWService.exe [2012-02-21 128280]
S2 irstrtsv;Intel(R) Rapid Start Technology Service;c:\windows\SysWOW64\irstrtsv.exe [2012-04-10 193536]
S2 jhi_service;Intel(R) Dynamic Application Loader Host Interface Service;c:\program files (x86)\Intel\Intel(R) Management Engine Components\DAL\jhi_service.exe [2012-02-21 161560]
S2 Motorola Device Manager;Motorola Device Manager Service;c:\program files (x86)\Motorola Mobility\Motorola Device Manager\MotoHelperService.exe [2012-10-23 120728]
S2 PST Service;PST Service;c:\program files (x86)\Motorola\MotForwardDaemon\ForwardDaemon.exe [2011-09-02 65657]
S2 UNS;Intel(R) Management and Security Application User Notification Service;c:\program files (x86)\Intel\Intel(R) Management Engine Components\UNS\UNS.exe [2012-02-29 363800]
S2 ZeroConfigService;Intel(R) PROSet/Wireless Zero Configuration Service;c:\program files\Intel\WiFi\bin\ZeroConfigService.exe [2012-03-29 2669840]
S3 AiCharger;ASUS Charger Driver;c:\windows\system32\DRIVERS\AiCharger.sys [2012-02-29 17152]
S3 AMPPAL;Intel® Centrino® Wireless Bluetooth® + High Speed Virtual Adapter;c:\windows\system32\DRIVERS\AMPPAL.sys [2012-01-09 195584]
S3 AsusVBus;AsusVBus;c:\windows\system32\DRIVERS\AsusVBus.sys [2011-12-21 35968]
S3 AsusVTouch;AsusVTouch;c:\windows\system32\DRIVERS\AsusVTouch.sys [2011-11-08 16512]
S3 Bluetooth Media Service;Bluetooth Media Service;c:\program files (x86)\Intel\Bluetooth\mediasrv.exe [2012-03-27 1304912]
S3 btmaux;Intel Bluetooth Auxiliary Service;c:\windows\system32\DRIVERS\btmaux.sys [2012-02-13 95232]
S3 DptfDevDram;DptfDevDram;c:\windows\system32\DRIVERS\DptfDevDram.sys [2012-02-20 107288]
S3 DptfDevFan;DptfDevFan;c:\windows\system32\DRIVERS\DptfDevFan.sys [2012-02-20 42776]
S3 DptfDevGen;DptfDevGen;c:\windows\system32\DRIVERS\DptfDevGen.sys [2012-02-20 64792]
S3 DptfDevPch;DptfDevPch;c:\windows\system32\DRIVERS\DptfDevPch.sys [2012-02-20 96024]
S3 DptfDevProc;DptfDevProc;c:\windows\system32\DRIVERS\DptfDevProc.sys [2012-02-20 220952]
S3 DptfManager;DptfManager;c:\windows\system32\DRIVERS\DptfManager.sys [2012-02-20 357656]
S3 ETD;ELAN PS/2 Port Input Device;c:\windows\system32\DRIVERS\ETD.sys [2012-02-19 200488]
S3 IntcDAud;Intel(R) Display Audio;c:\windows\system32\DRIVERS\IntcDAud.sys [2012-03-27 331264]
S3 irstrtdv;Intel(R) Rapid Start Technology Driver;c:\windows\system32\DRIVERS\irstrtdv.sys [2012-04-10 26504]
S3 iusb3hub;Intel(R) USB 3.0 Hub Driver;c:\windows\system32\DRIVERS\iusb3hub.sys [2012-03-26 356632]
S3 iusb3xhc;Intel(R) USB 3.0 eXtensible Host Controller Driver;c:\windows\system32\DRIVERS\iusb3xhc.sys [2012-03-26 789272]
S3 iwdbus;IWD Bus Enumerator;c:\windows\system32\DRIVERS\iwdbus.sys [2012-01-27 25496]
.
.
--- Andere Dienste/Treiber im Speicher ---
.
*NewlyCreated* - 00454123
*Deregistered* - 00454123
.
Inhalt des "geplante Tasks" Ordners
.
2013-01-16 c:\windows\Tasks\Adobe Flash Player Updater.job
- c:\windows\SysWOW64\Macromed\Flash\FlashPlayerUpdateService.exe [2012-07-07 20:21]
.
2013-01-16 c:\windows\Tasks\GoogleUpdateTaskMachineCore.job
- c:\program files (x86)\Google\Update\GoogleUpdate.exe [2012-02-24 02:28]
.
2013-01-16 c:\windows\Tasks\GoogleUpdateTaskMachineUA.job
- c:\program files (x86)\Google\Update\GoogleUpdate.exe [2012-02-24 02:28]
.
2013-01-16 c:\windows\Tasks\ISM-UpdateService-4e00205a-2ab1-4423-8f77-cc25b82cde1d-Logon.job
- c:\program files (x86)\Intel\Intel(R) ME FW Recovery Agent\bin\Bootstrap.exe [2011-11-25 20:41]
.
2013-01-16 c:\windows\Tasks\ISM-UpdateService-4e00205a-2ab1-4423-8f77-cc25b82cde1d.job
- c:\program files (x86)\Intel\Intel(R) ME FW Recovery Agent\bin\Bootstrap.exe [2011-11-25 20:41]
.
.
--------- X64 Entries -----------
.
.
[HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\explorer\shelliconoverlayidentifiers\AsusWSShellExt_B]
@="{6D4133E5-0742-4ADC-8A8C-9303440F7190}"
[HKEY_CLASSES_ROOT\CLSID\{6D4133E5-0742-4ADC-8A8C-9303440F7190}]
2011-05-25 07:09	227840	----a-w-	c:\program files (x86)\ASUS\ASUS WebStorage\3.0.108.222\AsusWSShellExt64.dll
.
[HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\explorer\shelliconoverlayidentifiers\AsusWSShellExt_O]
@="{64174815-8D98-4CE6-8646-4C039977D808}"
[HKEY_CLASSES_ROOT\CLSID\{64174815-8D98-4CE6-8646-4C039977D808}]
2011-05-25 07:09	227840	----a-w-	c:\program files (x86)\ASUS\ASUS WebStorage\3.0.108.222\AsusWSShellExt64.dll
.
[HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\explorer\shelliconoverlayidentifiers\DropboxExt1]
@="{FB314ED9-A251-47B7-93E1-CDD82E34AF8B}"
[HKEY_CLASSES_ROOT\CLSID\{FB314ED9-A251-47B7-93E1-CDD82E34AF8B}]
2012-11-13 23:32	162552	----a-w-	c:\users\***\AppData\Roaming\Dropbox\bin\DropboxExt64.17.dll
.
[HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\explorer\shelliconoverlayidentifiers\DropboxExt2]
@="{FB314EDA-A251-47B7-93E1-CDD82E34AF8B}"
[HKEY_CLASSES_ROOT\CLSID\{FB314EDA-A251-47B7-93E1-CDD82E34AF8B}]
2012-11-13 23:32	162552	----a-w-	c:\users\***\AppData\Roaming\Dropbox\bin\DropboxExt64.17.dll
.
[HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\explorer\shelliconoverlayidentifiers\DropboxExt3]
@="{FB314EDB-A251-47B7-93E1-CDD82E34AF8B}"
[HKEY_CLASSES_ROOT\CLSID\{FB314EDB-A251-47B7-93E1-CDD82E34AF8B}]
2012-11-13 23:32	162552	----a-w-	c:\users\***\AppData\Roaming\Dropbox\bin\DropboxExt64.17.dll
.
[HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\explorer\shelliconoverlayidentifiers\DropboxExt4]
@="{FB314EDC-A251-47B7-93E1-CDD82E34AF8B}"
[HKEY_CLASSES_ROOT\CLSID\{FB314EDC-A251-47B7-93E1-CDD82E34AF8B}]
2012-11-13 23:32	162552	----a-w-	c:\users\***\AppData\Roaming\Dropbox\bin\DropboxExt64.17.dll
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"IgfxTray"="c:\windows\system32\igfxtray.exe" [2012-04-02 170264]
"HotKeysCmds"="c:\windows\system32\hkcmd.exe" [2012-04-02 398616]
"RTHDVCPL"="c:\program files\Realtek\Audio\HDA\RAVCpl64.exe" [2012-03-29 12460136]
"BLEServicesCtrl"="c:\program files (x86)\Intel\Bluetooth\BleServicesCtrl.exe" [2012-03-15 178960]
"BTMTrayAgent"="c:\program files (x86)\Intel\Bluetooth\btmshell.dll" [2012-03-27 11407120]
.
------- Zusätzlicher Suchlauf -------
.
uLocal Page = c:\windows\system32\blank.htm
uStart Page = hxxp://asus.msn.com
mStart Page = hxxp://asus.msn.com
mLocal Page = c:\windows\SysWOW64\blank.htm
IE: An OneNote s&enden - d:\progra~1\MICROS~1\Office14\ONBttnIE.dll/105
IE: Nach Microsoft E&xcel exportieren - d:\progra~1\MICROS~1\Office14\EXCEL.EXE/3000
TCP: DhcpNameServer = 192.168.10.1
FF - ProfilePath - c:\users\***\AppData\Roaming\Mozilla\Firefox\Profiles\w09thd6h.default\
.
- - - - Entfernte verwaiste Registrierungseinträge - - - -
.
Toolbar-Locked - (no file)
Toolbar-Locked - (no file)
HKLM-Run-DptfPolicyLpmServiceHelper - c:\windows\SysWOW64\DptfPolicyLpmServiceHelper.exe
HKLM-Run-ETDCtrl - c:\program files (x86)\Elantech\ETDCtrl.exe
AddRemove-SLABCOMM&10C4&EA60 - c:\windows\system32\Silabs\DriverUninstaller.exe VCP CP210x Cardinal\SLABCOMM&10C4&EA60
.
.
.
--------------------- Gesperrte Registrierungsschluessel ---------------------
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\CLSID\{73C9DFA0-750D-11E1-B0C4-0800200C9A66}]
@Denied: (A 2) (Everyone)
@="FlashBroker"
"LocalizedString"="@c:\\Windows\\system32\\Macromed\\Flash\\FlashUtil64_11_5_502_146_ActiveX.exe,-101"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\CLSID\{73C9DFA0-750D-11E1-B0C4-0800200C9A66}\Elevation]
"Enabled"=dword:00000001
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\CLSID\{73C9DFA0-750D-11E1-B0C4-0800200C9A66}\LocalServer32]
@="c:\\Windows\\system32\\Macromed\\Flash\\FlashUtil64_11_5_502_146_ActiveX.exe"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\CLSID\{73C9DFA0-750D-11E1-B0C4-0800200C9A66}\TypeLib]
@="{FAB3E735-69C7-453B-A446-B6823C6DF1C9}"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Interface\{6AE38AE0-750C-11E1-B0C4-0800200C9A66}]
@Denied: (A 2) (Everyone)
@="IFlashBroker5"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Interface\{6AE38AE0-750C-11E1-B0C4-0800200C9A66}\ProxyStubClsid32]
@="{00020424-0000-0000-C000-000000000046}"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Interface\{6AE38AE0-750C-11E1-B0C4-0800200C9A66}\TypeLib]
@="{FAB3E735-69C7-453B-A446-B6823C6DF1C9}"
"Version"="1.0"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{73C9DFA0-750D-11E1-B0C4-0800200C9A66}]
@Denied: (A 2) (Everyone)
@="FlashBroker"
"LocalizedString"="@c:\\Windows\\SysWOW64\\Macromed\\Flash\\FlashUtil32_11_5_502_146_ActiveX.exe,-101"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{73C9DFA0-750D-11E1-B0C4-0800200C9A66}\Elevation]
"Enabled"=dword:00000001
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{73C9DFA0-750D-11E1-B0C4-0800200C9A66}\LocalServer32]
@="c:\\Windows\\SysWOW64\\Macromed\\Flash\\FlashUtil32_11_5_502_146_ActiveX.exe"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{73C9DFA0-750D-11E1-B0C4-0800200C9A66}\TypeLib]
@="{FAB3E735-69C7-453B-A446-B6823C6DF1C9}"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB6E-AE6D-11cf-96B8-444553540000}]
@Denied: (A 2) (Everyone)
@="Shockwave Flash Object"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB6E-AE6D-11cf-96B8-444553540000}\InprocServer32]
@="c:\\Windows\\SysWOW64\\Macromed\\Flash\\Flash32_11_5_502_146.ocx"
"ThreadingModel"="Apartment"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB6E-AE6D-11cf-96B8-444553540000}\MiscStatus]
@="0"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB6E-AE6D-11cf-96B8-444553540000}\ProgID]
@="ShockwaveFlash.ShockwaveFlash.11"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB6E-AE6D-11cf-96B8-444553540000}\ToolboxBitmap32]
@="c:\\Windows\\SysWOW64\\Macromed\\Flash\\Flash32_11_5_502_146.ocx, 1"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB6E-AE6D-11cf-96B8-444553540000}\TypeLib]
@="{D27CDB6B-AE6D-11cf-96B8-444553540000}"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB6E-AE6D-11cf-96B8-444553540000}\Version]
@="1.0"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB6E-AE6D-11cf-96B8-444553540000}\VersionIndependentProgID]
@="ShockwaveFlash.ShockwaveFlash"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB70-AE6D-11cf-96B8-444553540000}]
@Denied: (A 2) (Everyone)
@="Macromedia Flash Factory Object"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB70-AE6D-11cf-96B8-444553540000}\InprocServer32]
@="c:\\Windows\\SysWOW64\\Macromed\\Flash\\Flash32_11_5_502_146.ocx"
"ThreadingModel"="Apartment"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB70-AE6D-11cf-96B8-444553540000}\ProgID]
@="FlashFactory.FlashFactory.1"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB70-AE6D-11cf-96B8-444553540000}\ToolboxBitmap32]
@="c:\\Windows\\SysWOW64\\Macromed\\Flash\\Flash32_11_5_502_146.ocx, 1"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB70-AE6D-11cf-96B8-444553540000}\TypeLib]
@="{D27CDB6B-AE6D-11cf-96B8-444553540000}"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB70-AE6D-11cf-96B8-444553540000}\Version]
@="1.0"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB70-AE6D-11cf-96B8-444553540000}\VersionIndependentProgID]
@="FlashFactory.FlashFactory"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\Interface\{6AE38AE0-750C-11E1-B0C4-0800200C9A66}]
@Denied: (A 2) (Everyone)
@="IFlashBroker5"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\Interface\{6AE38AE0-750C-11E1-B0C4-0800200C9A66}\ProxyStubClsid32]
@="{00020424-0000-0000-C000-000000000046}"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\Interface\{6AE38AE0-750C-11E1-B0C4-0800200C9A66}\TypeLib]
@="{FAB3E735-69C7-453B-A446-B6823C6DF1C9}"
"Version"="1.0"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Wow6432Node\Microsoft\Office\Common\Smart Tag\Actions\{B7EFF951-E52F-45CC-9EF7-57124F2177CC}]
@Denied: (A) (Everyone)
"Solution"="{15727DE6-F92D-4E46-ACB4-0E2C58B31A18}"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Wow6432Node\Microsoft\Schema Library\ActionsPane3]
@Denied: (A) (Everyone)
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Wow6432Node\Microsoft\Schema Library\ActionsPane3\0]
"Key"="ActionsPane3"
"Location"="c:\\Program Files (x86)\\Common Files\\Microsoft Shared\\VSTO\\ActionsPane3.xsd"
.
[HKEY_LOCAL_MACHINE\SYSTEM\ControlSet001\Control\Class\{4D36E96D-E325-11CE-BFC1-08002BE10318}\0000\AllUserSettings]
@Denied: (A) (Users)
@Denied: (A) (Everyone)
@Allowed: (B 1 2 3 4 5) (S-1-5-20)
"BlindDial"=dword:00000000
.
[HKEY_LOCAL_MACHINE\SYSTEM\ControlSet001\Control\Class\{4D36E96D-E325-11CE-BFC1-08002BE10318}\0001\AllUserSettings]
@Denied: (A) (Users)
@Denied: (A) (Everyone)
@Allowed: (B 1 2 3 4 5) (S-1-5-20)
"BlindDial"=dword:00000000
.
[HKEY_LOCAL_MACHINE\SYSTEM\ControlSet001\Control\Class\{4D36E96D-E325-11CE-BFC1-08002BE10318}\0002\AllUserSettings]
@Denied: (A) (Users)
@Denied: (A) (Everyone)
@Allowed: (B 1 2 3 4 5) (S-1-5-20)
"BlindDial"=dword:00000000
.
[HKEY_LOCAL_MACHINE\SYSTEM\ControlSet001\Control\PCW\Security]
@Denied: (Full) (Everyone)
.
Zeit der Fertigstellung: 2013-01-16  22:53:03
ComboFix-quarantined-files.txt  2013-01-16 21:53
.
Vor Suchlauf: 12 Verzeichnis(se), 52.919.500.800 Bytes frei
Nach Suchlauf: 17 Verzeichnis(se), 52.509.773.824 Bytes frei
.
- - End Of File - - 0418F98126901663C83AD3B3D3508FDA
         
A restart was not performed. Should I?

Edited by LTB666 (16.01.2013 at 22:09)

17.01.2013, 15:04   #9
markusg
/// Malware-holic

Hi,
download CCleaner Standard:
CCleaner - Download - Filepony
If CCleaner is already installed, skip this step.
Open it, go to Tools (Extras), Uninstall list, and save it as a txt file. Open the file.
After every program you need, write "notwendig" (necessary).
After every program you do not need, write "unnötig" (unnecessary).
After every program you do not know, write "unbekannt" (unknown).
Post the list.
__________________
-Please forward suspicious e-mails to us for analysis:
markusg.trojaner-board@web.de
Forward
Instructions:
http://markusg.trojaner-board.de
For now, please send e-mails to the following address, following the instructions above:
markusg.trojaner-board@web.de
Forward
If you would like to support us

17.01.2013, 17:39   #10
LTB666

Hi,

here is the list:
Code:
ATTFilter
7-Zip 9.20		16.01.2013		
Adobe Flash Player 11 ActiveX	Adobe Systems Incorporated	09.01.2013	6,00MB	11.5.502.146 - notwendig
Adobe Flash Player 11 Plugin	Adobe Systems Incorporated	09.01.2013	6,00MB	11.5.502.146 - notwendig
Adobe Reader X (10.1.5) MUI	Adobe Systems Incorporated	15.01.2013	396MB	10.1.5 - notwendig
ASUS AI Recovery	ASUS	02.06.2012	9,10MB	1.0.24 - unbekannt
ASUS FaceLogon	ASUS	02.06.2012	11,9MB	1.0.0014 - unbekannt
ASUS LifeFrame3	ASUS	02.06.2012	37,7MB	3.1.1 - unbekannt
ASUS Live Update	ASUS	25.08.2012	5,26MB	3.1.7 - notwendig
ASUS Power4Gear Hybrid	ASUS	02.06.2012	16,4MB	1.2.1 - unbekannt
ASUS PWR Option	ASUS	02.06.2012	14,3MB	1.1.0 - notwendig
ASUS Splendid Video Enhancement Technology	ASUS	02.06.2012	21,2MB	1.02.0041 - unbekannt
ASUS Tutor	ASUS	02.06.2012	20,1MB	1.0.3 - unbekannt
ASUS USB Charger Plus	ASUS	02.06.2012	6,97MB	2.0.9 - unbekannt
ASUS Virtual Touch	ASUS	02.06.2012	5,76MB	1.0.9 - unbekannt
ASUS WebStorage	eCareme Technologies, Inc.	02.06.2012 - unbekannt		3.0.108.222
ASUS_Scr_ZenbookPrime	ASUS	02.06.2012	152MB	1.0.0001 - unbekannt
AsusVibe2.0	ASUSTEK	02.06.2012		2.0.9.157 - unbekannt
ATK Package	ASUS	11.09.2012	12,0MB	1.0.0010 - unbekannt
AVG 2013	AVG Technologies	10.01.2013		2013.0.2890 - notwendig
AX88772B Windows 7 Drivers	ASIX Electronics Corporation	02.06.2012	5,32MB	1.0.2.0 - unbekannt
Bubbletown	Oberon Media	02.06.2012 - unbekannt		
CCleaner	Piriform	19.12.2012		3.26 - notwendig ;)
Control ActiveX de Windows Live Mesh para conexiones remotas	Microsoft Corporation	23.02.2012	5,37MB	15.4.5722.2 - unbekannt
Controlo ActiveX do Windows Live Mesh para Ligações Remotas	Microsoft Corporation	23.02.2012	5,38MB	15.4.5722.2 - unbekannt
Contrôle ActiveX Windows Live Mesh pour connexions à distance	Microsoft Corporation	23.02.2012	5,37MB	15.4.5722.2 - unbekannt
Deadtime Stories	Oberon Media	02.06.2012 - unbekannt		
Diving Log 5.0	Divinglog	08.01.2013		5.0 - notwendig
Dream Day First Home	Oberon Media	02.06.2012 - unbekannt		
Dream Vacation Solitaire	Oberon Media	02.06.2012 - unbekannt		
Dropbox	Dropbox, Inc.	24.12.2012		1.6.10 - notwendig
ESET Online Scanner v3		15.01.2013 - unnötig		
ETDWare PS/2-X64 10.5.9.0	ELAN Microelectronic Corp.	02.06.2012		10.5.9.0 - unbekannt
Farm Frenzy 3 - Madagascar	Oberon Media	02.06.2012 - unbekannt		
Galapago	Oberon Media	02.06.2012 - unbekannt		
Game Park Console	Oberon Media Inc.	02.06.2012		1.2.4.431 - unbekannt
Go Go Gourmet Chef of the Year	Oberon Media	02.06.2012 - unbekannt		
Google Chrome	Google Inc.	23.02.2012		15.0.874.120 - notwendig
InstantOn for NB	ASUS	02.06.2012	7,44MB	2.3.2 - benötigt
Intel(R) Dynamic Platform & Thermal Framework	Intel Corporation	02.06.2012		6.0.1.1067 - unbekannt
Intel(R) Manageability Engine Firmware Recovery Agent	Intel Corporation	02.06.2012	54,8MB	1.0.0.35342 - unbekannt
Intel(R) Management Engine Components	Intel Corporation	02.06.2012		8.0.3.1427 - unbekannt
Intel(R) OpenCL CPU Runtime	Intel Corporation	02.06.2012 - unbekannt		
Intel(R) Processor Graphics	Intel Corporation	02.06.2012		8.15.10.2696 - unbekannt
Intel(R) PROSet/Wireless for Bluetooth(R) + High Speed	Intel Corporation	02.06.2012	5,30MB	15.1.0.0096 - unbekannt
Intel(R) PROSet/Wireless Software for Bluetooth(R) Technology	Intel Corporation	02.06.2012	95,2MB	2.1.1.0153 - unbekannt
Intel(R) Rapid Start Technology	Intel Corporation	02.06.2012		1.0.0.1024 - unbekannt
Intel(R) USB 3.0 eXtensible Host Controller Driver	Intel Corporation	02.06.2012		1.0.4.225 - unbekannt
Intel(R) WiDi	Intel Corporation	02.06.2012	141MB	3.0.13.0 - unbekannt
Intel® AT Service signup	Intel Corporation	02.06.2012	374KB	2.0.0.3 - unbekannt
Intel® PROSet/Wireless WiFi Software	Intel Corporation	02.06.2012	181MB	15.01.1000.0927 - unbekannt
Intel® Trusted Connect Service Client	Intel Corporation	02.06.2012	10,6MB	1.23.605.1 - unbekannt
Java 7 Update 10	Oracle	08.01.2013	130MB	7.0.100 - notwendig
Java 7 Update 10 (64-bit)	Oracle	08.01.2013	127MB	7.0.100
Mahjong Memoirs	Oberon Media	02.06.2012 - notwendig		
Malwarebytes Anti-Malware Version 1.70.0.1100	Malwarebytes Corporation	16.01.2013	18,4MB	1.70.0.1100 - benötigt
Mares DRAK	Mares Spa	31.08.2012	31,4MB	1.5.0 - benötigt
Microsoft .NET Framework 4 Client Profile	Microsoft Corporation	24.02.2012	38,8MB	4.0.30319 - benötigt
Microsoft .NET Framework 4 Extended	Microsoft Corporation	24.02.2012	51,9MB	4.0.30319 - benötigt
Microsoft Office Professional 2010	Microsoft Corporation	26.06.2012		14.0.6029.1000 - benötigt
Microsoft Silverlight	Microsoft Corporation	21.06.2012	40,3MB	4.1.10329.0 - benötigt
Microsoft SQL Server 2005 Compact Edition [ENU]	Microsoft Corporation	23.02.2012	1,69MB	3.1.0000 - unbekannt
Microsoft Visual C++ 2005 Redistributable	Microsoft Corporation	28.12.2012	300KB	8.0.61001 - unbekannt
Microsoft Visual C++ 2008 Redistributable - x64 9.0.30729.17	Microsoft Corporation	02.06.2012	788KB	9.0.30729 - unbekannt
Microsoft Visual C++ 2008 Redistributable - x64 9.0.30729.6161	Microsoft Corporation	21.06.2012	786KB	9.0.30729.6161 - unbekannt
Microsoft Visual C++ 2008 Redistributable - x86 9.0.30729.17	Microsoft Corporation	02.06.2012	596KB	9.0.30729 - unbekannt
Microsoft Visual C++ 2008 Redistributable - x86 9.0.30729.4148	Microsoft Corporation	21.06.2012	592KB	9.0.30729.4148 - unbekannt
Microsoft Visual C++ 2008 Redistributable - x86 9.0.30729.6161	Microsoft Corporation	21.06.2012	598KB	9.0.30729.6161 - unbekannt
Microsoft Visual C++ 2010  x64 Redistributable - 10.0.40219	Microsoft Corporation	02.06.2012	13,8MB	10.0.40219 - unbekannt
Microsoft Visual C++ 2010  x86 Redistributable - 10.0.40219	Microsoft Corporation	02.06.2012	11,1MB	10.0.40219 - unbekannt
Motorola Device Manager	Motorola Mobility	28.12.2012		2.3.4  benötigt
Mozilla Firefox 15.0.1 (x86 de)	Mozilla	11.09.2012	55,2MB	15.0.1 - unnötig
Mozilla Firefox 16.0.2 (x86 de)	Mozilla	29.12.2012	38,5MB	16.0.2 - unnötig
Mozilla Thunderbird 13.0.1 (x86 de)	Mozilla	21.06.2012	39,1MB	13.0.1 - benötigt
Mozilla Thunderbird 17.0.2 (x86 de)	Mozilla	15.01.2013	41,9MB	17.0.2 - benötigt
MRU-Blaster v1.5 (Database 3/28/2004)	Javacool Software LLC	29.11.2012 - benötigt		1.5
MSXML 4.0 SP3 Parser	Microsoft Corporation	28.12.2012	1,47MB	4.30.2100.0 - unbekannt
MSXML 4.0 SP3 Parser (KB2721691)	Microsoft Corporation	03.01.2013	1,53MB	4.30.2114.0 - unbekannt
MSXML 4.0 SP3 Parser (KB2758694)	Microsoft Corporation	11.01.2013	1,54MB	4.30.2117.0 - unbekannt
MyPhoneExplorer	F.J. Wechselberger	28.12.2012		1.8.4 - benötigt
Opera 12.12	Opera Software ASA	30.12.2012		12.12.1707 - benötigt
OSTC Planner	OSTC	08.01.2013	14,8MB	451 - benötigt
Plants vs Zombies	Oberon Media	02.06.2012 - unbekannt		
Realtek High Definition Audio Driver	Realtek Semiconductor Corp.	02.06.2012		6.0.1.6608 - benötigt
Realtek USB 2.0 Reader Driver	Realtek Semiconductor Corp.	02.06.2012		6.1.7600.10010 - benötigt
Silicon Laboratories CP210x USB to UART Bridge (Driver Removal)		31.08.2012 - unbekannt		
Skype™ 6.0	Skype Technologies S.A.	08.12.2012	20,3MB	6.0.126 - benötigt
Turbo Fiesta	Oberon Media	02.06.2012 - unbekannt		
Visual Studio 2008 x64 Redistributables	AVG Technologies	21.06.2012	10,0MB	10.0.0.2 - unbekannt
Visual Studio 2010 x64 Redistributables	AVG Technologies	13.12.2012	12,4MB	13.0.0.1 - unbekannt
VLC media player 2.0.4	VideoLAN	28.11.2012		2.0.4 - benötigt
Windows Live Essentials	Microsoft Corporation	23.02.2012		15.4.3538.0513 - unbekannt
Windows Live Mesh - ActiveX-besturingselement voor externe verbindingen	Microsoft Corporation	23.02.2012	5,37MB	15.4.5722.2 - unbekannt
Windows Live Mesh ActiveX Control for Remote Connections	Microsoft Corporation	23.02.2012	5,37MB	15.4.5722.2 - unbekannt
Windows Live Mesh ActiveX control for remote connections	Microsoft Corporation	23.02.2012	5,38MB	15.4.5722.2 - unbekannt
WinFlash	ASUS	02.06.2012	881KB	2.41.1 - unbekannt
Wireless Console 3	ASUS	02.06.2012	9,11MB	3.0.27 - unbekannt
World of Goo	Oberon Media	02.06.2012 - unbekannt		
Στοιχείο ελέγχου ActiveX του Windows Live Mesh για απομακρυσμένες συνδέσεις	Microsoft Corporation	23.02.2012	5,38MB	15.4.5722.2 - unbekannt
Элемент управления Windows Live Mesh ActiveX для удаленных подключений	Microsoft Corporation	23.02.2012	5,37MB	15.4.5722.2 - unbekannt
פקד ActiveX של Windows Live Mesh עבור חיבורים מרוחקים	Microsoft Corporation	23.02.2012	5,37MB	15.4.5722.2 - unbekannt
عنصر تحكم ActiveX الخاص بـ Windows Live Mesh للاتصالات البعيدة	Microsoft Corporation	23.02.2012	5,37MB	15.4.5722.2 - unbekannt
適用遠端連線的 Windows Live Mesh ActiveX 控制項	Microsoft Corporation	23.02.2012	5,56MB	15.4.5722.2 - unbekannt
         
For the system programs where I can roughly figure out what they do but don't know whether they are strictly required, I entered 'unbekannt'. The same goes for the (presumably preinstalled) games, which I have never opened. I hope that is what you had in mind. Unfortunately, this adds up to a lot of 'unbekannt' entries.
Best regards, L.

17.01.2013, 17:44   #11
markusg
/// Malware-holic

Uninstall:
Adobe Flash Player: all entries
Adobe - Install Adobe Flash Player
Download the latest version and install it.
Adobe Reader:
Adobe - Download Adobe Reader - All versions
Untick the box for McAfee Security Scan.

Please also configure Adobe Reader as follows:
Open Adobe Reader, then Edit, Preferences.
General:
Tick "use only certified plug-ins".
Internet:
Everything here should be disabled; it is very unsafe to open or download PDFs automatically, etc.
It is always better to save them directly, since that is the only way to keep control over what happens on the PC.
Under JavaScript, untick the "use JavaScript" box.
Under Updater, choose to install automatically.
Apply / OK



Uninstall:
Control
Controlo
Contrôle
Deadtime
Dream: both
ESET

Farm
Galapago
Game
Go
Java: both
Download the Java JRE:
Java downloads for all operating systems
Click:
Download the Java software for Windows Offline
Download and install it.
Uninstall:
Plants vs
Windows Live: all those you do not use.
World of

Open CCleaner, analyze, run it, then restart the PC.
Please download AdwCleaner to your desktop.
  • Start adwcleaner.exe with a double-click.
  • Click Suche (Search).
  • When the scan finishes, a text file opens.
  • Post its contents in your next reply.
  • You can also find the log file at C:\AdwCleaner[R1].txt.

17.01.2013, 17:57   #12
LTB666

Sorry for the interim question: I assume I should uninstall via CCleaner?

17.01.2013, 17:59   #13
markusg
/// Malware-holic

Yes, or via Software, whichever you prefer :-)

17.01.2013, 19:07   #14
LTB666

Result:
Code:
ATTFilter
# AdwCleaner v2.106 - Datei am 17/01/2013 um 20:04:22 erstellt
# Aktualisiert am 17/01/2013 von Xplode
# Betriebssystem : Windows 7 Home Premium Service Pack 1 (64 bits)
# Benutzer : Lars - ZENBOOK
# Bootmodus : Normal
# Ausgeführt unter : C:\Users\Lars\Desktop\adwcleaner.exe
# Option [Suche]


**** [Dienste] ****


***** [Dateien / Ordner] *****


***** [Registrierungsdatenbank] *****

Schlüssel Gefunden : HKCU\Software\Softonic

***** [Internet Browser] *****

-\\ Internet Explorer v9.0.8112.16457

[OK] Die Registrierungsdatenbank ist sauber.

-\\ Mozilla Firefox v15.0.1 (de)

Datei : C:\Users\Lars\AppData\Roaming\Mozilla\Firefox\Profiles\w09thd6h.default\prefs.js

[OK] Die Datei ist sauber.

-\\ Opera v12.12.1707.0

Datei : C:\Users\Lars\AppData\Roaming\Opera\Opera\operaprefs.ini

[OK] Die Datei ist sauber.

*************************

AdwCleaner[R1].txt - [889 octets] - [17/01/2013 20:04:22]

########## EOF - C:\AdwCleaner[R1].txt - [948 octets] ##########
         
None of the games could be uninstalled, neither via CCleaner nor via Software. With the latter method, the message 'may not have been uninstalled correctly' appeared. I then chose the option 'uninstall using recommended settings', but that had no visible effect either. CCleaner still shows all of them even after the restart.
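The AdwCleaner search report posted above can be triaged programmatically; the following is an added example, not part of the original posts and not AdwCleaner's own code. The function names `parse_adwcleaner` and `pending_items` are hypothetical, the sample is an abridged copy of the report above, and it is an assumption that a run with Option [Suche] only lists items without removing them.

```python
import re

# Abridged copy of the German-locale AdwCleaner v2 search report posted above.
SAMPLE_REPORT = r"""# AdwCleaner v2.106 - Datei am 17/01/2013 um 20:04:22 erstellt
# Option [Suche]

**** [Dienste] ****

***** [Dateien / Ordner] *****

***** [Registrierungsdatenbank] *****

Schlüssel Gefunden : HKCU\Software\Softonic

***** [Internet Browser] *****

-\\ Internet Explorer v9.0.8112.16457

[OK] Die Registrierungsdatenbank ist sauber.

-\\ Mozilla Firefox v15.0.1 (de)

Datei : C:\Users\Lars\AppData\Roaming\Mozilla\Firefox\Profiles\w09thd6h.default\prefs.js

[OK] Die Datei ist sauber.
"""

OPTION = re.compile(r"^# Option \[(.+?)\]")           # run mode, e.g. Suche
SECTION = re.compile(r"^\*{4,5} \[(.+?)\] \*{4,5}$")  # e.g. ***** [Dienste] *****
BROWSER = re.compile(r"^-\\\\ (.+?) v([\d.]+)")       # e.g. -\\ Opera v12.12.1707.0
FINDING = re.compile(r"^(\S.*?) Gefunden : (.+)$")    # e.g. Schlüssel Gefunden : HKCU\...


def parse_adwcleaner(text):
    """Return the run mode, the findings per section and the per-browser verdicts."""
    report = {"option": None, "findings": [], "browsers": {}}
    section = browser = None
    for raw in text.splitlines():
        line = raw.strip()
        if not line:
            continue
        if m := OPTION.match(line):
            report["option"] = m.group(1)
        elif m := SECTION.match(line):
            # A new section ends any browser subsection that was open.
            section, browser = m.group(1), None
        elif m := BROWSER.match(line):
            browser = m.group(1)
            report["browsers"][browser] = {"version": m.group(2), "clean": False}
        elif m := FINDING.match(line):
            report["findings"].append({"section": section, "browser": browser,
                                       "kind": m.group(1), "item": m.group(2)})
        elif line.startswith("[OK]") and browser:
            # "[OK] ... ist sauber." marks the current browser as clean.
            report["browsers"][browser]["clean"] = True
    return report


def pending_items(report):
    """Items listed by a search-only run (assumption: 'Suche' never deletes)."""
    if report["option"] != "Suche":
        return []
    return [f["item"] for f in report["findings"]]


if __name__ == "__main__":
    parsed = parse_adwcleaner(SAMPLE_REPORT)
    print(parsed["option"], pending_items(parsed), parsed["browsers"])
```
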

17.01.2013, 19:28   #15
markusg
/// Malware-holic

Hi,
in that case, try Revo:
http://www.hijackthis-forum.de/tipps...installer.html
It can surely uninstall that.

Please download AdwCleaner to your desktop.
  • Close all open programs and browsers.
  • Start adwcleaner.exe with a double-click.
  • Click Löschen (Delete).
  • Confirm each prompt with OK.
  • Your computer will be restarted, several times depending on the severity of the infection; that is normal. After the restart, a text file opens.
  • Post its contents in your next reply.
  • You can also find the log file at C:\AdwCleaner[Sx].txt. (x = sequential number)

Restart, then test how the PC and programs such as the browser run.